April 30, 2020 OpenID Board Call Meeting Minutes Present: Don Thibeau, Executive Director Nat Sakimura Mike Jones Bjorn Hjelm George Fletcher Dale Olds Eric Schreiner Takehisa Shibata Wesley Dunnington Lovlesh Chhabra John Bradley
Absent: Filip Verley Amit Dhingra Takao Kojima Visitors: Mike Leszcz, OpenID Foundation Tom Smedinghoff, Locke Lord LLP 1. Crisis Planning Overview Reductions in financial and human capital are underway in some companies. But there is significant opportunity with many things moving online. OpenID plays a critical role in the ongoing digital transformation. We are closely watching our budget and looking at ways to conserve our funds. For instance, we are suspending marketing expenses for the time being. We have obvious savings from reduced travel and conference expenditures. We are working closely with conference organizers to maintain the OpenID Foundation's presence in the coming virtual workshops. We are planning joint online workshops with a number of organizations, among them, OBIE, SWIFT, GSMA, and FDX. 2. Certification Program Security Review We commissioned an external audit of the OpenID Certification program in light of a security incident at a party working on certification. We have updated some of our information handling policies and external communications, including our FAQ, as a result of the audit, in consultation with our legal counsel. The certification contractors will be signing an NDA. Akamai also reviewed the security audit. 3. Certification Program Commercial Review We've had lower than expected participation by the UK banks in FAPI certification. The banking regulators there have apparently not been pressing the major banks and fintechs to certify to the FAPI standards. We've been assured that the regulators will be issuing updated guidance. But at present, we're losing substantial amounts of money on certification. Nat reviewed some possible changes we could consider to put certification on a better financial footing. We are drafting a letter to the OBIE trustee asking for action on getting the UK banks and fintechs to certify. We will send that after the joint OBIE/FAPI workshop. Getting their attention during the current crisis management situation may be challenging. Mike Jones pointed out that our certification costs will reduce in two ways once we've migrated OpenID Connect certifications from the Python suite to the Java suite: First, we'll stop having to pay to operate two different things. Second, we'll won't be paying for substantial new code development as we are now. Don and Mike Leszcz are working with Hans Zandbelt on estimates for reduced operation expenses once the migration is complete. 4. Liaison Update We have liaison workshops with OBIE , Institute of International Finance, Financial Data Exchange, and the GSMA in the next few months. We had one with SWIFT earlier this week. FDX is building their own open banking stack in the US. We have briefed FDX on FAPI and the certification program. Intuit is both a FAPI leader and a leader in the FDX banking stack work. Chris Michael described the benefits of deprecating OBIE's custom profile in favor of FAPI. FDX is now favorably disposed towards using FAPI. Bjorn reported that the GSMA is doing an internal update on MODRNA, FAPI, and eKYC-IDA next month. This is a prelude for a joint workshop with the GSMA. Bjorn is working on a liaison relationship with 3GPP. Don is working on a liaison relationship between FAPI and the W3C Web Payments working group. Nat suggested that we have Dave Tonge be our liaison officer. Don will contact him. The OpenID Foundation has been requested to be a member of the to-be-formed Trust Over IP Foundation at the Linux Foundation. Don will evaluate and send a recommendation to the board. Nat is working on us achieving ISO PAS (Publicly Available Standard) submitter status at ISO/IEC JTC1. This is important for the ISO mobile drivers' license work. 5. Membership Fees Review Given the world financial situation, the executive committee decided not to change our fees at this time. 6. Website Update Proposal We are considering ways to make it easier and more compelling to join the OpenID Foundation. We have a proposal from a trusted vendor. This would reskin the current WordPress site but leave the Ruby membership site alone. The goal is a more modern look and feel and easier navigation. Wes is reluctant to spend the money now. George shares those concerns. Bjorn would like a proposal of what they plan to do. Mike Jones pointed out that our WordPress site is maintained by over a dozen people, including working group chairs, who maintain their working group pages. And we need to maintain the wp-content files, which among other things, are used by the certification program and for contribution agreements. George would like to understand how it gets integrated with what already exists. Mike Leszcz will send a more detailed proposal to the board. We will take this up during the next board meeting in June. 7. 2020 OpenID Foundation Calendar The OpenID Workshop on May 21st was announced at https://openid.net/2020/04/27/openid-foundation-virtual-workshop-may-21-2020/. The next board meeting will be June 11, 2020. For more calendar information, see https://openid.net/foundation/calendar-of-events/.
April 30, 2020 OpenID Board Call Meeting Minutes.docx
Description: April 30, 2020 OpenID Board Call Meeting Minutes.docx
_______________________________________________ board mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-board
