April 2, 2020 Executive Committee Call Minutes

Present:
Don Thibeau, Executive Director
Mike Jones
Nat Sakimura
George Fletcher
John Bradley
Bjorn Hjelm

Visitors:
Mike Leszcz, OpenID Foundation
Tom Smedinghoff, Locke Lord LLP

1. Certification Program Security Review

The OIDF hired a security consultant to review an incident in which a party working on certification had a security problem in their deployment. A report was produced with some specific recommendations. Our legal counsel Tom Smedinghoff is also involved. Tom reviewed the draft report and made some recommendations. The report is protected by attorney-client privilege.

Tom learned that those running the test suite have access to results. He also learned that many test results are public. Tom had recommended that the test team execute an NDA. He also wanted participants to be aware of when results are made public and in what way. Mike Jones added points 15 and 16 of the FAQ at https://openid.net/certification/faq/ making our data use policies clear.

2. Commercial Context for Certification Program

We do not have a reliable model of future demand for certifications. We also hired a consultant to create a report on the certification marketplace and business model. It analyzed our revenues and expenses in the certification marketplace at that time - mainly focusing on FAPI certifications.

One thing we can do is to make OBIE aware of this problem. They are relying on this program but OBIE's members have often not been utilizing FAPI certification. Both OBIE and the CMA9 have an investment in the success of the certification program. Nat will draft a letter and run it by the executive committee in advance. John said that we likely want to find others to lobby the regulators as well.

We are thinking about ways to reduce certification expenses, particularly once we've made the transition to the Java suite. John wondered if we can successfully contact the PISPs and solicit their participation. Tom asked whether there was any contractual commitment. Don said that there is not. We intend to return to these topics on a subsequent call.

3. Revisiting Review of OIDF Membership Fees

We had previously reviewed proposed moderate fee increases and the EC was in favor of them. We will discuss this on a subsequent call.

4. Public Health and Economic Crisis

Don, Mike Leszcz, and John Bradley are working on specific plans in response to the possible economic impacts from the public health situation.

5. Mercurial Migration

Edmund Jay, Nat, and Mike Jones are working on migrating our Bitbucket repositories that use Mercurial. We plan to migrate them in the order "eap", "openid.bitbucket.org", "mobile", and "connect".

6. Next Meetings

We will meet on the next two Thursdays at the same time.
