<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin-top:0in;
margin-right:0in;
margin-bottom:8.0pt;
margin-left:0in;
line-height:106%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:8.0pt;
margin-left:.5in;
mso-add-space:auto;
line-height:106%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
mso-add-space:auto;
line-height:106%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
mso-add-space:auto;
line-height:106%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:8.0pt;
margin-left:.5in;
mso-add-space:auto;
line-height:106%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:291516714;
mso-list-type:hybrid;
mso-list-template-ids:-521622224 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><b><span style="font-size:12.0pt">April 25, 2022 OpenID Board Meeting Notes<o:p></o:p></span></b></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><b>Attending In Person:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Nat Sakimura<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">George Fletcher<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Vittorio Bertocci<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Don Thibeau<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Mike Jones<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Mike Leszcz<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Nancy Cam-Winget<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">John Bradley<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Gail Hodges<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Kosuke Koiwai<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><b>Attending Remotely:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Asish Jain<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Bjorn Hjelm<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Wes Dunnington<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Takehisa Shibata<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Takao Kojima<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Luis Da Silva<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><b>Absent:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Filip Verley<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><b>Guests Attending In Person:<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Debbie Bucci – Equideum Health<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Lori Jordan – Visa<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Torsten Lodderstedt – yes.com<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Health Landscape and OpenID Opportunities<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Debbie Bucci addressed the board on this topic. IHE coordinates the use of existing standards to address specific clinical needs. HL7 is another relevant ANSI-accredited standards body that
focuses on the sharing and management of Health data. Both organizations have liaison or special agreements that permit them to share their profiles/standards with ISO TC 215 for consideration. She suspects there may be some work to extend 27001/27002 for
domain specific activities not necessarily covered under TC215 but she has yet to locate anything specific as of our meeting. She said that there’s a lot of opportunities to contribute to the health standards space. OIDF may consider liaison agreements
with either IHE or HL7 to directly impact work that is in progress at the pilot stage – still evolving.
<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">She said that having so much optionality will not get you to true interoperability. There are a number of ongoing efforts that require interoperability in exchanging health data both at the
network of networks layer and enabling patient/consumers to manage their data directly.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Gail asked if the board had feedback for Debbie in her investigations. Vittorio said that he felt like any investigation into GNAP would be a distraction. Gail is hoping for the healthcare
community to not create their own protocol standards. We talked about consent and authorization. Vittorio suggested looking at the Kantara consent receipt work. Nat said that some of that has been brought to ISO.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Debbie asked about the status of FAPI 2. Nat said that the security analysis work is starting. Torsten said that there’s a spec for explicit content management/grant management.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Discussion on GAIN<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Torsten talked with us about GAIN. He said that a community group is different than a standards effort. He said that they have a very diverse group of participants, which is a value in itself.
What’s missing is something to manage networks of providers. Torsten said that there’s substantial participation in GAIN by people from the SSI community. Torsten said that we can contribute to interoperability in that space.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Torsten told us about conversations in the EU about interoperability of identity systems. He said that he’s telling them that using multiple credential formats will hurt interoperability. And
that interoperability will be helped by using OpenID Connect between the wallet and other parties.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Gail and Torsten are hoping for some pilots to be up and running this year. The community group started in March. It took several months to create the participation agreement. The community
group has two different alternating meeting times that work well for different jurisdictions.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Don said that he thinks that OIX was very conservative in estimating that projects will take 2-3 years. He hopes that OIX and OIDF can find a middle ground together.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Torsten talked about interoperation between trust frameworks. Torsten said that RPs are being slow to implement.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Torsten said that the test networks are using no data about actual people – in part, to avoid legal and privacy issues.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">John surmised that those building components likely must have theories about how they will eventually monetize their participation. Torsten said that providers seem more enthusiastic than RPs
– possibly because they expect to be able to monetize providing the data.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Vittorio asked whether it would be possible to put a small slice into production – possibly with only one OP and one RP. Torsten said that technically yes, but the RP might wonder why they want
to enter production with only one OP.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Torsten is working on several non-regulated identity verification use cases. For instance, identity verification for Domain Name registration. GAIN has participation from Microsoft, Meeco,
InfoCert, which have incompatible wallet formats.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">3.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Discussion: Global Initiatives - EU Digital Wallet Initiative & OECD Privacy Enhancing Technologies (PETs)<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Torsten talked about tensions among different groups developing wallet formats. He talked about the EU wallet initiative and participation by member states. He said that there is an expert
commission. There’s a tender to work on the EU Wallet standard.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">There’s a short timeline for providing feedback on an OECD document on privacy enhancements. Mark Haine has been working on that.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">4.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>OIDF Strategy and Initiative Progress<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">There are a half dozen whitepapers being worked on. The Open Banking / Open Data whitepaper is published and is having a very positive response.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">5.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Marketing<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Mike Leszcz let us know that the strategy taskforce solidified much of the strategy and messaging being worked on. That will inform our messaging.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Carla Roncato is gathering data to prepare recommendations for a Website update. Carla is considering how we can enhance our strategic social media presence.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">6.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Kim Cameron Identity Award Pilot<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">We agreed to provide travel funding to three recipients to EIC. Our accountant suggested several tweaks, which we have implemented. He suggested adding a “per diem” update to our expense policy.
There was an update to the airfare policy. Submissions are due at the end of today. We will review submissions on Wednesday morning prior to IIW.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Mike, for the record, applauded Don’s direction to honor Kim with something that makes a difference, rather than just standing on stage and talking about him.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">7.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Resolution to Approve Updated Travel and Expense Policy<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">The resolution was unanimously approved.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">8.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Budget Report<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">John gave us a budget report. We are slightly over budgeted amounts on legal fees. Our projected cash at end of year is above $700,000. There are full financials to review in the membership
dashboard. Mike Leszcz talked about the mechanics of paying the OIDF Japan chapter their share of designated member dues, if requested by OIDF-J. We are sponsoring Identiverse. Microsoft allocated a longstanding directed funds balance to have the OpenID
Foundation support the OAuth Security Workshop (OSW).<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l0 level1 lfo1">
<![if !supportLists]><b><span style="mso-list:Ignore">9.<span style="font:7.0pt "Times New Roman"">
</span></span></b><![endif]><b>Emerging Issues and Opportunities<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">We already discussed the identity award pilot. George reported that the browser changes conversations are frustrating, as breaking changes appear to still be on the horizon that will break redirect-based
identity protocols. Vittorio said that he’s a big believer in the market correcting problems itself. Vittorio advocated helping the industry move from SAML to OpenID Connect because while Connect can be ready for the changes, SAML deployments will likely
break in unfixable ways. George considers WebCM to be a new identity protocol being written by non-identity people. John expressed that once these things are baked into the browsers, our ability to maneuver will largely be gone. Nancy asked whether we can
have a security review and that there should be a well-defined threat model. Gail asked if it was time for us to take additional actions. Vittorio thought that a letter won’t be effective until something breaks. Nancy thinks that education is very important;
she’s seeing privacy changes that break security. Vittorio and Nancy talked about highlighting the interdependencies between browsers and identity.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;line-height:normal">Mike said that our open letter to Apple was successful because it contained actionable feedback that was clearly in Apple’s best interest. Apple did take the actions identified. Mike said that
any letter we write on the proposed browser changes should aspire to be similarly actionable.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>