April 4, 2019 Executive Committee Call Minutes Present: Nat Sakimura Mike Jones John Bradley George Fletcher Don Thibeau, Executive Director
Absent: Adam Dawes Visitors: Takehisa Shibata, KDDI Tom Smedinghoff, Locke Lord LLP 1. Membership Update Akamai (which acquired Janrain) has joined the board and will be represented by John Summers. Ping Identity's new board representative is Wesley Dunnington. 2. Open Banking Implementation Entity OBIE decided not to follow through on their handshake agreement to pre-pay for 15 certifications. We are disappointed that the proposed agreement fell through. Don has asked them to confirm that they will deprecate their test suite in September. He also asked them to confirm that the CMA 9 banks will certify at least once a year. They plan to send their members to our certification suite going forward. 3. Certification Update Financial-grade API (FAPI) Read/Write OP certification launched on April 1st. We already have FAPI certifications from ForgeRock and Authlete. There is keen interest by other vendors. We don't know when we'll receive the first certifications from banks. There are no FAPI RP certification instructions yet, but they are expected later this month. FAPI RP certification will launch in pilot mode. Joseph Heenan is working on FAPI CIBA certification code. There are also several developments for OpenID Connect certification. The Form Post Response Mode profiles have reached production status. The Third Party Initiated Login profiles are in pilot mode. And the new Logout tests are live at new-op.certification.openid.net and are being tested by early testers. As expected, having these tests is raising some questions about the intended semantics of some features of the logout specs. This is valuable feedback before these specifications become final. 4. FAPI Standardization Update The FAPI working group is now having three calls every two weeks to accelerate progress, including working on CIBA and diligently tracking issues. The MODRNA CIBA Implementer's Draft is generic. There are profiles for mobile operators and Financial-grade APIs being defined. The FAPI CIBA profile tightens a number of things - possibly enabling formal verification. 5. Libraries Program Update Don reports that Adam Dawes isn't sure when his proposed directed funding for libraries will come through. George talked about possible library options. We could allow people to update their libraries to the OpenID GitHub. We currently have people contribute their code to working groups, which provides a clean IPR container. Even beyond that, the Foundation could designate some libraries as being high-quality and well-resourced, when appropriate. We don't have policies in place for how many maintainers contributed libraries need to have or policies for how to add and remove maintainers. For instance, a former AppAuth maintainer can no longer maintain one of the projects and it's not clear how to choose successors. Mike repeated that our current procedures are for people to contribute code to working groups and it's up to the working group whether to work on it. Mike stated that he's against us hosting random code. George agreed. Nat reminded us that there's a standing deliverable for Don to create a report on how other organizations manage libraries. He plans to deliver that report before our board meeting in Mountain View. Mike stated that it's a working group decision right now who to add and remove as maintainers and whether to start or stop working on a library. For instance, George could propose a new AppAuth maintainer that he has in mind to the Connect working group. 6. Liaison Update The Financial Data Exchange (FDX) and the OpenID Foundation have announced that they are collaborating. See https://openid.net/2019/04/02/financial-data-exchange-openid-foundation-take-step-towards-global-standard-for-financial-data-sharing/. FDX is supportive of the FAPI standard and test suite. Expect a similar announcement with the Financial Data and Technology Association (FDATA) in the next few weeks. Project Verify is a joint venture by 4 major telcos in the US. We are working on a liaison relationship with them. Michael Engan is a lead architect of Project Verify. He and Bjorn Hjelm are advocates for them using OpenID Foundation standards. Don is in communication with entities in Canada, Australia, and New Zealand as well. 7. Recruitment Effort Don is preparing a recruitment campaign targeted at those who have certified. It will communicate actionable certification and foundation information for their benefit, including letting them know about FAPI certification and that Connect certification prices will go up in June. 8. Upcoming Events There's an OpenID Workshop the day before IIW and a board meeting during IIW. There's an OpenID Workshop and board meeting at EIC. The entire certification team will be at EIC, so this is a unique opportunity for board members and other active members to meet with our certification engineers. There's an OpenID Workshop and board meeting at Identiverse. 9. Decentralized Identity News Nat reports that Microsoft released Open Source using the OpenID Connect Self-Issued protocol for DID authorization. 10. French, Polish, and Czech Open Banking and FAPI John met with STET (the French open banking entity) last week and described FAPI and CIBA to them and compared them to their existing approaches. He'll be continuing the conversation. The FAPI working group is analyzing the Polish and Czech open banking APIs, which are also different than FAPI.
April 4, 2019 Executive Committee Call Minutes.docx
Description: April 4, 2019 Executive Committee Call Minutes.docx
_______________________________________________ board mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-board
