November 7, 2019 Executive Committee Call Minutes Present: Nat Sakimura Mike Jones John Bradley Bjorn Hjelm Don Thibeau, Executive Director
Absent: George Fletcher Visitors: Takehisa Shibata, NRI Secure Technologies Mike Leszcz, OpenID Foundation Tom Smedinghoff, Locke Lord LLP 1. Vice-Chairman Welcome The executive committee welcomed Bjorn Hjelm as the new vice-chairman. Note that Verizon is now a board member, as is Verizon Media. 2. Certification Program Update There's been significant progress towards releasing the logout tests to production, thanks to diligent efforts by Roland Hedberg, Tomas Pazderka, Hans Zandbelt, and Filip Skokan. Expect these to go live within a few days. This is important to provide feedback on the logout specifications before we take them to Final status. Two more FAPI certifications came in in October, both from vendors. OBIE shut down their certification site, so any future UK Open Banking certifications will come to us. We have our first FAPI CIBA OP certification. Instructions are being written for FAPI RP certification. The volume of OpenID Connect certifications continues to be higher than FAPI. Of note, GÉANT certified last month. Roland Hedberg has mostly completed his inventory of what the Python certification suite tests for OPs. The RP inventory work will begin soon. The certification team is designing the Java code to do OpenID Connect certification. There are still some rough edges. Currently FAPI submissions are being reviewed in the database, rather than based on the submissions. There's a design for a human-readable rendering to include in submitted results to facilitate direct reviews of the submissions. EC discussed and agreed with board's approval of Roland's SOW#2 - maintenance of the Python certification code during the first half of 2020. We noted that while some of the OP tests may be replaced by Java code by Spring, the RP tests will not be replaced until a number of months after that. Some of surplus money in the board-approved transition budget has been allocated by the EC to Serkan Özkan's SOW for the Java rendering code to produce human-readable output for submissions. 3. Federation Mike gave background information on progress with the OpenID Connect Federation work. Multiple reviews of the specification have come in and the specification has been updated to address the review comments. A release is pending that will be used for the second Implementer's Draft review. This version will be used for the hackathon at the Internet2 conference next month. The EC discussed Roland's two SOW's for Federation work in 2020. SOW #3 funds three Federation interop events in 2020. SOW #4 funds Roland continuing work on the spec itself during 2020. We discussed that while paying for spec work is an exception to our normal mode of operation, as we've done in 2019, we believe that it makes sense to continue doing so with Roland in 2020. Unlike most of the people who do spec work, Roland doesn't have a day job that supports this work, and Roland is very well connected to the research and education federation communities that are the target audiences of this work. We agreed that we should try to find additional active contributors to the spec who are subject matter experts. Andreas Solberg had been an active editor but apparently took a job that is currently fully occupying him. We have received ongoing reviews from experts such as Leif Johansson and others in the (traditionally SAML) R&E community. While evangelizing the Federation work, we also request that Roland look into potential future funding from GÉANT, the Internet Society, Internet2, etc. for this work. We recognize that it may be too late to get this funding for 2020 but if additional funding is needed in 2021, it's hoped that this can come from other organizations that have funded federation and interop work in the past. We hope that the specification reaches a final or near-final state in 2020, but recognize that feedback from implementations and deployments may result in it not yet being quite done by then. Note that Mike Jones plans to continue attending federation-related events in 2020 to help progress this strategic work. The EC unanimously approved SOW #3, the expenditures for which are under $10,000. The EC unanimously recommended that the board approve SOW #4. We will prepare materials to send to the board and schedule a board call in 2019 with two weeks' notice for the purpose of approving SOW #4. 4. FAPI Update Nat will be in London to give a FAPI presentation at API Days. The next generation PSD2 document is more aligned with the FAPI work. The working group is considering renaming the FAPI Read and FAPI Read/Write specifications to better align with security requirements. Names currently being discussed are "substantial" and "high". The working group intends to write down the corresponding security characteristics before doing any renaming. 5. Liaison Update Don is working with FDATA on an open banking summit in Edinburgh the first week of December 2019. See https://fdata.global/summit/. Don, Torsten Lodderstedt, Joseph Heenan, and several OBIE people will be there. The FinTech association, Japan is attending. 6. Calendar The foundation calendar at https://openid.net/foundation/calendar-of-events/ has been updated. The next planned face-to-face board member is at RSA. Nat suggested that Don poll the board to see how many board members plan to be at RSA. 7. W3C Committee Liaison Tony Nadalin asked the OpenID Foundation to appoint a liaison to a W3C joint committee including Web Payments, Web Authentication, and Web Applications Security. Nat volunteered to be a liaison officer from the OIDF. The second liaison person will be discussed during the next FAPI call. 8. OpenID Japan Summit Takehisa Shibata told us about the OpenID Japan Summit planned for Tokyo on January 24, 2020. The title is Identity and Digital Transformation. They are seeking approval of using funds from Japan Chapter members to help fund the event. We will add approving this to the planned board call agenda. The EC approved unanimously recommending approving to this to the board.
November 7, 2019 Executive Committee Call Minutes.docx
Description: November 7, 2019 Executive Committee Call Minutes.docx
_______________________________________________ board mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-board
