February 25, 2020 OpenID Board Meeting Minutes Present: Don Thibeau, Executive Director Mike Jones Bjorn Hjelm John Bradley George Fletcher Wesley Dunnington John Summers
Present on the Phone: Dale Olds Filip Verley Absent: Nat Sakimura Lovlesh Chhabra Amit Dhingra Takehisa Shibata Takao Kojima Visitors on the Phone: Mike Leszcz, OpenID Foundation Tom Smedinghoff, Locke Lord LLP 1. 2020 OpenID Foundation Board Elections We welcomed George Fletcher's and Dale Olds' continued participation in the board following their reelections. 2. Election of Officers The current officers, Nat Sakimura as Chairman, Bjorn Hjelm as Vice-Chairman, John Bradley as Treasurer, Mike Jones as Secretary, and George Fletcher as Community Representative, are all willing to continue to serve. John Summers moved and Wes Dunnington seconded a motion to reappoint the existing slate of officers. The motion passed unanimously. 3. OpenID Japan Summit in January The OpenID meetings in Japan were very well attended and many productive conversations occurred. Among others, we had a good meeting of those interested in the eKYC-IDA work. 4. FAPI Meeting in London Akamai hosted a FAPI meeting in London on February 17th that also included people from SWIFT. We are exploring ways of SWIFT and OpenID working together. 5. RISC Working Group Rechartered The RISC working group has been rechartered to be the Shared Signals and Events working group. See https://openid.net/wg/sse/. It now includes the Continuous Access Evaluation Protocol (CAEP) work as well as the existing Risk and Incident Sharing and Coordination (RISC) work. 6. Liaison Update We are working on a liaison agreement with SWIFT. We have an existing liaison agreement with FDX, who contributed the DDA specification to FAPI. We have a liaison agreement with FDATA, which has proposed a global interoperability working group for regulators and standards organizations to coordinate. Bjorn is working to establish a liaison relationship between 3GPP and OIDF. 3GPP is a partnership between seven SDOs around the world. They have a set of standards for mission-critical services, such as those for first responders. 3GPP has created an OpenID Connect profile that is used with the mission-critical services standards. Bjorn is making the case that this profile should move to the OpenID Foundation. 3GPP does not have a certification program and ours is attractive to them. Like we do with GSMA, they could share requirements with us and we could develop specs meeting those requirements. We are seeking ISO PAS (Publicly Available Standard) submitter status at ISO/IEC JTC1. This is important for the ISO mobile drivers' license work. 7. 2020 OpenID Foundation Calendar The following workshops are confirmed: * Monday, April 27th before IIW - Hosted by Google * Tuesday, May 12th at EIC in Munich * Monday, October 19th before IIW The schedule of upcoming events for 2020 is posted at https://openid.net/foundation/calendar-of-events/. 8. HEART Working Group Debbie Bucci has rejoined the foundation as an individual, having left ONC, and is working to continue the HEART work. 9. Certification Program Review Mike Jones gave a report on the engineering and deployment status of the Certification program. Migration. The work on replicating the Python conformance suite functionality in Java is progressing. OP and RP certification profiles for logout are now in pilot mode. The logout work completes the new code development in the Python suite. People giving us feedback on the logout specs, in part by certifying their implementations, is critical to us finalizing the logout specifications. Don reported on Certification finances. There's currently a large gap between our Certification expenses and income. We are not directly covering our costs. We don't have reliable data-based projections of future certification revenues. Mike Jones pointed out that we believe we have many members that we wouldn't have had if we didn't have certification, so we have largely indirectly covered our certification costs. He said that we're very very early in the open banking/FAPI journey, with likely lots of opportunity ahead. Bjorn pointed out that our certification program is a unique value-add that has been attractive to many organizations, including 3GPP. We need to find ways to make the certification program financially sustainable. Certification costs will go down once we retire the Python test suite and the Java test suite is in maintenance mode. But there will still be ongoing operating costs. Currently the FAPI certifications are resulting in substantially more questions on average than Connect Certifications, and so are more expensive to support. John Summers asked whether a conclusion from that is that FAPI certifications should cost significantly more than OpenID Connect certifications. Mike Jones stated that we need to make sure that the new Java-based certification tools become easy to use so that their resulting ongoing support costs go down. George stated that he believes that if working groups want certification for their specifications, that they should both write test requirements specifications and generate directed funding to pay for the certification engineering work. Others in the room concurred. Both John and Wes stated that it's much easier to allocate money than engineering time. John Summers believes that market players are more likely to result in certifications than regulators. Only five of the 70 UK banks are FAPI certified. Ten have obsolete OB certifications. Nat wants us to bring this data to those overseeing the UK Open Banking ecosystem. 10. Budget and Fees Update The EC recommended that we operate based on the proposed 2020 budget. We will continue evaluating certification finances and membership finances are part of the strategic discussions over the next few months. We reviewed the moderate membership fee increases proposed to the EC last week and there was support in the room for those increases. We will continue discussing options before putting specific fee increases in place. 11. Marketing Plan Don touched on several possible marketing initiatives. The EC will consider specifics. One is possibly scheduling an OpenID Workshop in partnership with SWIFT adjacent to Sibos in Boston, October 5-8, 2020. 12. Strategic Initiative Proposals Nat sent several proposed strategic initiatives to the board. Board members are encouraged to evaluate and discuss them.
February 25, 2020 OpenID Board Meeting Minutes.docx
Description: February 25, 2020 OpenID Board Meeting Minutes.docx
_______________________________________________ board mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-board
