April 22, 2015 OpenID Board Meeting Minutes Present in Person: Don Thibeau, Executive Director Nat Sakimura Mike Jones Adam Dawes Tony Nadalin Debbie Bucci Roger Casals
Present on the Phone: George Fletcher John Bradley Absent: Raj Mata Pamela Dingle Torsten Lodderstedt Dylan Casey Tracy Hulver Visitors in Person: John Ehrig, Global Inventures Tom Smedinghoff, Locke Lord LLP Brian Berliner, Symantec Bjorn Hjelm, Verizon Harm Jan Arendshorst, Verizon Mike Polasky, Verizon Visitors on the Phone: Mike Leszcz, OIX 1. Certification Program Launch [cid:[email protected]]Our press release is up at http://openid.net/2015/04/17/openid-connect-certification-program/. We launched with five participants: Google, Microsoft, Ping Identity, ForgeRock, and NRI. Symantec provided key hosting services and PR planning services for the launch. Companion releases are up at http://openidentityexchange.org/2015/04/oixnet-launch/ and http://www.geant.net/MediaCentreEvents/news/Pages/OpenID_Connect.aspx. All are generating substantial interest. Mike Jones described next steps for the certification program, including RP certification, minor reorganizations of the OP tests, and of course, additional certifications, both by existing participants and by new participants. Tony Nadalin and Don Thibeau suggested we write a brief whitepaper describing the value propositions of self-certification and registration. Mike Jones reported that the executive committee has unanimously approved a performance bonus for Don Thibeau, based upon the value and quality of his work to develop and launch the OpenID Certification program. The board unanimously joined the executive committee in thanking Don. 2. Trademark Status Tom Smedinghoff reviewed our trademark status. "OpenID" has been registered as a trademark in the US, Japan, and several European countries. The US registration was in a class only applying to software products. Tom recommends that we register the mark in the US in additional classes, including those applying to adoption of standards. Certification marks are distinct from trademarks. We have created the "OpenID Registered" certification mark. It is being registered in the US, Canada, EU, and Japan. The right to use that mark in specified ways has been granted to those who have achieved certifications in the manner described in the Certification Terms and Conditions document. The executive committee will consider additional trademark and certification mark registration actions from time to time, informed by our business needs and goals. We also license the use of the "OpenID" trademark in the manner described at http://openid.net/trademark-license/. 3. Contact with OIX We have a signed contract with OIX enabling the OIDF to use the OIXnet registry to register OpenID certifications. 4. Liaison Relationships We created a liaison statement to ITU-T Study Group 17 (Security). Abbie Barbir is the liaison to the OIDF from SG17. We have category A4 and A5 liaison status. This gives us the ability to send documents to ITU-T and get "X." numbers for them. Debbie Bucci suggests that we consider liaison relationships to the healthcare organizations HR7 and IHE. Tony Nadalin is our liaison to the FIDO Alliance. FIDO is missing a formal liaison process and so has not responded to our request to establish a liaison relationship. Nat Sakimura reported that there are a number of Internet of Things (IoT) standards initiatives. These include ISO/IEC JTC 1/WG 10 on IoT, W3C Web of Things interest group, the IETF ACE WG, and TCG. We should monitor these. Nat also recommends that we establish a liaison relationship to WG 10. Nat will investigate this. The US federal government is planning to write a profile of OpenID Connect. Debbie Bucci reports that John Bradley and Justin Richer may be involved in this. Apparently the goal is to mirror the US government SAML profile. 5. OpenID Connect Working Group Status Mike Jones reported that in addition to the certification work the working group has been doing, the OpenID 2.0 to OpenID Connect Migration specification is now final and the OAuth 2.0 Form Post Response Mode spec will become final on Friday. 6. NAPPS Working Group Status NAPPS had a productive meeting during IIW two weeks ago. The specs are being revised. Demos are planned with Google at the Cloud Identity Summit. 7. HEART Working Group Status At the HIMSS conference last week, HEART did a demo of "Privacy on FHYR" - user managed consent for data sharing. They are getting lot of visibility. They held an in-person working group meeting at HIMSS. 8. RISC Working Group Status The working group has started and a number of contribution agreements from prominent participants have already been received, including Google, Microsoft, LinkedIn, and Confyrm. Facebook and Twitter are expected. There are some competing efforts by Facebook and OASIS. Adam Dawes and Tony Nadalin will reach out to the OASIS working group organizers. The OASIS effort is using a MITRE specification called STYX. We need to coordinate and avoid confusing people. The working group is planning to issue a press release within a week or two. Adam is coordinating its content. 9. Account Chooser Working Group Status The working group decided to publish two specifications - a simple high-level spec and an advanced spec, providing more control. A vote is planned for the specifications. The WG has been coordinating with the Mobile Profile working group. They are considering how to use phone number-based identifiers in Account Chooser in a privacy preserving manner. 10. Mobile OpenID Connect Profile Working Group Status The working group is considering adopting a new name. One possibility being considered is the acronym MODRNA, which stands for Mobile Operator Discovery, Registration & AutheNticAtion - and which would be pronounced modern-ah. They are trying to figure out how to better coordinate with the GSMA's Mobile Connect product effort. 11. Marketing Committee Status The marketing committee has been focused on the certification launch. They also recently provided input on a planned blog post on the OAuth PKSE work by Paul Madsen. Adam requests additional participation by members of other working groups to make sure that their interests are well served by the marketing committee. 12. Workshops Our next workshop will be on the first day of the European Identity and Cloud Conference on May 5, 2015. See https://www.id-conf.com/events/eic2015-openid. 13. Proposal for More International Meetings Nat suggested that we should hold additional meetings in non-US venues by virtue of us being an international organization. One kind of meeting we could have internationally is board meetings. We should also consider promotional meetings targeted at particular sectors and jurisdictions. One model to emulate is the OpenID Summit held in Japan four years ago. Tony is worried about achieving quorum for internationally held board meetings. 14. Financial Update Don committed to giving a report on the investments made to create and launch the certification program. We are slightly under budget for this effort. We have not had to request additional funding for this effort, even though some was available. We are at a solvent and steady state. We have a steady stream of renewals at the board level. From a recruitment perspective, the RISC and HEART working groups are major new draws. The certification program is also attracting new members and motivating renewals. Don is doing research on possible pricing for the certification program. The executive committee will be taking this up. 15. Next Board Meeting Our next board meeting will be at the Cloud Identity Summit on June 10th. Mike Jones requested that a minimum of two hours be allocated to board meetings to provide adequate time for substantive discussions of issues.
April 22, 2015 OpenID Board Meeting Minutes.docx
Description: April 22, 2015 OpenID Board Meeting Minutes.docx
_______________________________________________ board mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-board
