Hey Mike -- I'm not sure it really matters, but I was on the phone for this meeting. I didn't say anything because I was in the airport (and then onboard my aircraft), but was present for whole meeting, only missing the very beginning and a little bit of the meeting that went over the time at the end there.
Thanks! On Mon, May 9, 2016 at 3:01 AM, Mike Jones <[email protected]> wrote: > *April 27, 2016 OpenID Board Meeting Minutes* > > > > *Present:* > > Don Thibeau, Executive Director > > John Bradley > > Mike Jones > > Nat Sakimura > > George Fletcher > > Prateek Mishra > > Brian Berliner > > Dale Olds > > Adam Dawes > > > > *Present on the Phone:* > > Bjorn Hjelm > > > > *Absent:* > > Debbie Bucci > > Pamela Dingle > > Lydia Varmazis > > Tony Nadalin > > > > *Visitors:* > > Tom Smedinghoff, Locke Lord LLP (on the phone) > > Mike Leszcz, OIDF (on the phone) > > Phil Hunt, Oracle > > > > *1. **New Board Member* > > We welcomed Oracle to the board. Prateek Mishra and Phil Hunt are in > attendance from Oracle. > > > > Prateek said that Oracle is working to integrate an identity fabric with > business services – both for external applications and within the company. > Phil Hunt said that SCIM is very important to Oracle and sees potential > synergies between SCIM and OpenID Connect. Phil talked about developing > best deployment practices. George and Brian and John affirmed Oracle’s > goals. Phil expressed a desire for us to evaluate the possibility of doing > SCIM interop and possibly conformance work, which the IETF doesn’t do. > > > > *2. **Legal and Policy Review* > > Tom has been going through our mostly 7-year-old legal documents, > addressing issues found. One item was to create a software contribution > agreement based upon the Google contribution agreement. Some members and > potential members had also identified issues. We are explicitly not > touching the IPR Policy and IPR Process documents. > > > > Tom has sent revised copies to the EC for review and is awaiting > comments. Then they will be circulated to the full board. The new > versions separate policies from procedures. > > > > Mike described that the IPR policy and process documents are, by design, > difficult to update. Nat pointed out that we did update them once, in > 2009, to streamline the specifications council working group approval > procedures. > > > > *3. **Status of Trademarks* > > There is a deadline of May 6th for a response to a trademark registration > refusal in Canada, which is related to SXIP’s registration of OpenID in > Canada. Mike Jones and Don Thibeau are in communication with Dick Hardt > about assigning SXIP’s registration to the OpenID Foundation, which Dick > has agreed to do. > > > > *4. **OpenID Certification* > > Mike reported on the status of the certification program. The number of > registrations continues to grow. Registrations are now being paid for by > registrants. OpenID Connect working group members and Don are working with > Roland Hedberg on advancing the RP certification program during IIW. > > > > *5. **Website Update* > > Mike reported that we are making substantial progress both towards > deploying the revised membership Ruby code and towards transitioning from > Darin Richardson, as our web site developer to Nov Matake, who has agreed > to become our new web site developer. Mike and Don have continued to work > with both Darin and with OSUOSL and are happy to report that the new code > is now running on a staging server and another server that will be put in > production to replace the 7-year old Ruby deployment, after the new code > has been evaluated and accepted. > > > > *6. **Working Group Updates* > > There were substantive working group updates at the OpenID workshop on > Monday, so we didn’t repeat most of that content here. > > > > Adam reported that Google is working on opening up their Android password > manager and Account Chooser experience to other platforms. This would > require a standard password manager API. That work is happening in the W3C > Web Credentials working group. The Account Chooser working group may > choose to utilize and build upon this functionality. > > > > *7. **Financial Update* > > The foundation is in sound financial shape. The legal efforts have been > the primary cost driver but there are sufficient existing funds to cover > that work without needing directed funding. > > > > *8. **Recognizing Substantive Contributions to the Foundation and > its Mission* > > In recognition of their substantive contributions towards the creation of > the OpenID Foundation and their long-term technical contributions to OpenID > Foundation specifications, the foundation elected to honor David Recordon, > Dick Hardt, and Drummond Reed by offering them lifetime invited expert > status and accompanying free lifetime individual OpenID Foundation > memberships. John made the motion and Adam seconded it. The motion passed > unanimously. > > > > *9. **Communication about Security Best Practices* > > William Denniss led a productive discussion at IIW based on input from > George Fletcher at the Monday OpenID workshop on OAuth mix-up attacks and > related issues. We gathered notes about vulnerabilities for purposes of > possibly publishing them as an informative note on the OpenID blog. > > > > Don pointed out that our mission includes adoption. He said that > publishing advice to developers is a way of adding value to members, > including internationally. We might call it a “Deployment Advisory” in the > title. Mike said that it would be OK for the blog category to be “Security > Advisory” but people thought that was too strong to use in the title. Our > communication needs to include information on cross-site request forgery > and the mix-up attacks. > > > > We will ask William Denniss to be lead author on the text. Mike, John, > George, Phil, and Don will review the text. > > > > George moved that we publish information conveying the security and > deployment guidance. Brian seconded the motion. John pointed out that we > can coordinate with NIST, who has mechanisms for publishing security > advisories, and that that might have a favorable side-effect of helping to > deepen NISTs engagement with the OpenID Foundation. > > > > _______________________________________________ > board mailing list > [email protected] > http://lists.openid.net/mailman/listinfo/openid-board > > -- [image: Ping Identity logo] <https://www.pingidentity.com/> Pam Dingle Principal Technical Architect Ping Identity @ [email protected] [image: phone] +1 303.999.5890 [image: twitter] @pamelarosiedee Connect with us! [image: pingidentity.com] <https://www.pingidentity.com/> [image: twitter logo] <http://www.glassdoor.com/Overview/Working-at-Ping-Identity-EI_IE380907.11,24.htm> [image: twitter logo] <https://twitter.com/pingidentity> [image: youtube logo] <https://www.youtube.com/user/PingIdentityTV> [image: LinkedIn logo] <https://www.linkedin.com/company/21870> [image: Facebook logo] <https://www.facebook.com/pingidentitypage> [image: Google+ logo] <https://plus.google.com/u/0/114266977739397708540> [image: slideshare logo] <http://www.slideshare.net/PingIdentity> [image: rss feed icon] <https://www.pingidentity.com/blogs/> ------------------------------ [image: CIS 2016] <https://www.cloudidentitysummit.com/en/index.html>
_______________________________________________ board mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-board
