February 15, 2018 OpenID Board Call Minutes Present: Don Thibeau, Executive Director Mike Jones Nat Sakimura Brian Berliner Bjorn Hjelm Prateek Mishra Ashish Jain George Fletcher
Absent: John Bradley Pamela Dingle Adam Dawes Tony Nadalin Tushar Pradhan Masato Obata Visitors: Phil Hunt, Oracle Visitors on the Phone: Tom Smedinghoff, Locke Lord LLP Mike Leszcz, OIDF 1. OIDF/OIX/Open Banking Workshop in London Mike reported on last month's financial workshop in London. He learned things about the way the financial people think about the "embedded" profile - that they consider all actors to be within the security perimeter and so it's not a problem in their thinking for one actor to collect credentials that belong to another. Hans Zandbelt gathered additional data for his report on the Open Banking test suite developed by FinTech Labs and its contractors. That software is currently incomplete in a number of ways. There is no plan to incorporate the full functionality of the OpenID Certification test suite into the Open Banking test suite. There is no plan to be able to operate or maintain the testing software on an ongoing basis. The Open Banking specs are similar to but different from FAPI specs in some ways. Don sent a report on Certification status and plans for 2018. 2. FAPI Update Nat reported on the state of the FAPI work and its relationship to Open Banking. They are producing a high security profile for OpenID Connect. FAPI has had two Implementer's Draft votes. They plan to hold another one soon. FAPI has a profile of the MODRNA Client Initiated Backchannel Authentication (CIBA) spec. Open Banking considers FAPI a target. They aspire to be fully FAPI compliant. 3. Data Sharing Agreement Workshop Tom reported that Google recently hosted a workshop to develop a legal agreement to use for data sharing. They are starting with a bilateral agreement. They plan to contribute a model agreement to the RISC working group. Eventually they want to get to a trust framework. In this first meeting, one of the goals was educating the participating lawyers. The lawyers plan to work among themselves and report back. 4. Election Update George Fletcher and Ashish Jain were re-elected. See https://openid.net/2018/02/06/openid-foundation-board-2018-election-results/. 5. Selection of Officers The current officers were all willing to continue to serve. No volunteer offered to replace the current officers. The current slate of officers was unanimously reappointed. 6. Partner / Liaison Update A new liaison relationship was established with TC 68 in ISO (Financial Services). We can join their calls. We have an existing liaison relationship with SC 27 (Security, IDM, Privacy). We can submit comments. Mike has informally updated some FIDO members on the state of the EAP specifications. 7. Financial Workshops We are scheduling a series of workshops around the world on open banking and related topics. Don is hoping for FAPI interop work at the Identiverse conference. There will be a board meeting and OpenID workshop at EIC. 8. Women in Identity Organization Don created a challenge grant to provide some initial funding to help the new Women in Identity organization get started. Several foundation members have committed to contributions. See https://openid.net/2018/01/11/women-in-identity-event-january-29-2018/ and https://openid.net/2018/02/14/the-london-chapter-of-women-in-identity-held-its-first-ever-event-on-the-29th-of-january-2018/. 9. OIX Work on Trust Frameworks An OIX workshop on Trust Frameworks is being planned targeted at lawyers. The goal is to educate and make progress on moving from bilateral agreements to trust frameworks. Stanford will be hosting the workshop on May 9th. 10. Upcoming Events Oracle is hosting the Monday OpenID Workshop prior to IIW. There will be a Board dinner and social event during the RSA conference. [Nat reported that Masato tried to join but was having technical difficulties.] 11. W3C "Verifiable Claims" Interest Group We discussed the work happening in the W3C "Verifiable Claims" interest group. They are not using either SAML or JWT tokens to represent the claims but are using RDF under the covers. We discussed the desire to avoid JSON-LD. Nat plans a session at IIW comparing self-issued ID Tokens with other self-asserted identity formats. 12. Financial Update We are in strong shape, with a contingency fund, money in the bank, and money to fund the certification program. We have a contractor doing marketing and social media work. We are making an investment in marketing. 13. Infrastructure Update We are moving our WordPress installation to a machine with modern, supported software versions. Nov Matake is doing this for the foundation, with assistance from OSUOSL. 14. Membership Update Membership levels are steady at all membership levels.
February 15, 2018 OpenID Board Call Minutes.docx
Description: February 15, 2018 OpenID Board Call Minutes.docx
_______________________________________________ board mailing list bo...@lists.openid.net http://lists.openid.net/mailman/listinfo/openid-board
