September 30, 2019 OpenID Board Meeting Minutes Present: Don Thibeau, Executive Director Nat Sakimura Mike Jones John Bradley George Fletcher Wesley Dunnington Eric Schreiner Lovlesh Chhabra
Present on the Phone: Dale Olds Takehisa Shibata Absent: Amit Dhingra Takao Kojima Filip Verley Visitors: Mike Leszcz (on the phone) 1. Board Updates Eric Schreiner is now representing Akamai (following Akamai's acquisition of Janrain). Filip Verley is now representing Google, since Adam Dawes is no longer working in the identity space. The board unanimously appointed Bjorn Hjelm as acting Vice Chairman to replace Adam. 2. Certification Program Update Mike Jones reported that the first Third-Party Initiated Login certifications have come in and that the OP logout tests are now in alpha release, with pilot mode expected to begin shortly. The first FAPI-CIBA certification has also occurred. The board considered the proposal to migrate the Connect certification functionality from the existing Python code to the Java test suite, based on proposed milestones submitted by Hans and the Certification team. Don and John assured us that we do have the funds to pay for the migration. The board unanimously approved the migration proposal. Don reported that we don't have a solid pipeline of certifications for FAPI deployments. We believe that banks will be doing FAPI certifications - we just don't know the timeline. OBIE is turning off their certification test suite today. 3. Certification for Open Source Projects The Apache Foundation requested that they be allowed to certify Apache open source software for free. While the board is sympathetic to supporting open source, several felt that we would be on a slippery slope defining criteria for "qualified open source projects". Requests for sponsorship using Directed Funding is another mechanism that can and has be used to defray costs for some open source projects. The idea was tabled, pending further discussion. We will ask the certification committee for further input on the goals and possibilities. 4. FAPI Microsite Mike Leszcz has produced a draft of a FAPI "microsite". It's intended to be a less technical starting point/landing page for all things FAPI. It will be published at https://openid.net/fapi (much like the Connect introduction page is at https://openid.net/connect). Please review the draft contents at https://fapi.d-f.cc/. Dave Tonge and Mike Jones have provided early feedback on the content. 5. CAEP and the OpenID Foundation The board discussed interest by those working on a Continuous Access Evaluation Protocol (CAEP) in doing the work in an OpenID working group. Possibilities include doing the work in the RISC working group or forming a new working group. George doesn't want two publish/subscribe specifications, which could easily happen if there are two different working groups. Lovlesh stated that CAEP could actually fail if implementations don't even consume RISC. The sense of the board is that we believe that it's better to expand the RISC charter than to have two working groups. 6. Open Letter to Apple We are publishing a second letter thanking Apple for their diligence in fixing the security and interop issues identified and asking for additional usability improvements. The motion to publish the second letter unanimously passed. 7. Liaison Update We are working with the Financial Data Exchange (FDX), the Financial Data and Technology Association (FDATA), and the Open Banking Implementation Entity (OBIE) in the FAPI space. We are working with Project Verify - the four US mobile network operators - in the mobile space. We have a liaison relationship with IdentityPython for Python OpenID Connect libraries. Mike suggested that we drop the IdentityPython liaison work, given that the Python JWTConnect libraries are not likely to be joint work due to lack of funding, going forward. The board concurred. We agreed to establish a liaison relationship with the W3C Web Payments WG. Tony Nadalin is in charge of the joint WebAuthn / Web Payments coordination effort. We will explore a liaison relationship with SWIFT for FAPI. 8. Membership and Marketing Update We are in e-mail contact with those who have certified. We're polling them about their certification experiences and soliciting their membership. Some former board members are considering rejoining the board. 9. Bitbucket Deleting Mercurial Repositories Bitbucket is deleting Mercurial repositories on June 1, 2020. We will lose the issues, etc. unless we export them. We should encourage editors and working groups to make orderly transitions to Git repositories, whether on Bitbucket, GitLab, or GitHub. This is an issue for multiple working groups and specs, including OpenID Connect. 10. AppAuth Maintainers George resumed the ongoing discussion about maintainers for libraries. Verizon Media is volunteering to become a maintainer for the Android AppAuth library. He proposed this to the Connect working group. George and Lovlesh said that if we're going to continue maintaining these, that we should also be marketing them. Mike reminded people that the board long ago decided that it was up to working groups to decide what libraries to maintain and how to do so. Some are still hoping for us to put some basic policies in place. We could add something to the "How Working Groups Work" FAQ about guidelines for accepting pull requests for libraries that we maintain - specifically, that multiple committers should review each PR. 11. Possible Whitepapers Our FAPI, etc. whitepapers are off to a slow start, due to resource conflicts of the writers. 12. Upcoming Events The schedule of upcoming events for 2019 and 2020 is posted at https://openid.net/foundation/calendar-of-events/.
September 30, 2019 OpenID Board Meeting Minutes.docx
Description: September 30, 2019 OpenID Board Meeting Minutes.docx
_______________________________________________ board mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-board
