June 22, 2022 OpenID Board Meeting Notes

Attending In Person: Nat Sakimura, George Fletcher, Vittorio Bertocci, Don Thibeau, Mike Jones, Mike Leszcz, Nancy Cam-Winget, John Bradley, Gail Hodges, Kosuke Koiwai, Ashish Jain, Wes Dunnington

Attending Remotely: Gail Hodges, Bjorn Hjelm, Kosuke Koiwai, Luis Da Silva, Takehisa Shibata

Absent: Filip Verley

Guests Attending In Person: Joseph Heenan, Debbie Bucci, Atul Tulshibagwale, Andre Priebe, Yuriy Ackermann

Guests Attending Remotely: Tom Smedinghoff, Dima Postnikov

1. Key Wins

(See Key Wins agenda slide)

2. Third Party Certification License Agreement

The certification program is there to support the foundation's goals. We have requests to enable third-party certification. Some markets have expressed a desire for greater control over the certification process. The EC and staff have developed a draft plan to enable third-party certification. It would protect us from a liability perspective and protect our financial interests. Feedback from jurisdictions has been overwhelmingly positive, so far. We don't want to take on additional liability. Some potential partners have questioned whether that will work for them. We don't want to be holding production keys on our servers. Tom Smedinghoff talked about self-certification being a self-assertion of compliance. We haven't yet made a formal proposal to Tom. Mike stated that the goal should be that the assertion during third-party certification still make assertions about themselves. John said that some jurisdictions may want the third party to make the assertion. Mike is fine with licensed third parties making assertions on behalf of their clients. But we should be making no assertions that we're not already making. Mike pointed out that if we don't somehow enable third-party certification, some jurisdictions will set it up themselves without us. So we don't have a good option not to solve this. There was unanimous board support to move in this direction.

3. Health Recommendations

Debbie Bucci and Gail have been working on a health whitepaper. There's a draft published on the HEART working group site. They've shared it with the current US National Coordinator for Healthcare. They're receiving positive feedback from healthcare organizations. The HEART working group has been dormant for years. Nat asked Debbie what we should do with the working group. Debbie doesn't think we should continue the HEART working group as-is. There was board support for closing the HEART working group. Mike asked if any HEART specs are used in production. Debbie wasn't aware of any uses of them in production. Mike explained the Specifications Council processes for opening and closing working groups. Debbie agreed to report back on whether the current HEART specs are in production use.

[ Debbie Bucci left at this point ]

4. Budget

John reported that we're ahead on projected income due to early renewals. The certification program is cash-positive. Several new certification groups and recertification groups are expected in the next few months.

5. Possible additional certification types

Ashish asked about establishing a people certification program. Mike talked about his negative experiences with people certification programs on another board. Vittorio spoke against doing so.

6. Cookie and Browser Changes

The W3C Privacy Community Group dropped the First Party Sets functionality after Apple said that they would not implement it. It looks likely that only Chrome will support it. Apple has expressed support for the FedCM proposal. Apple sees synergy between FedCM and IsLoggedIn. Apple plans to join the Federated Identity Community Group. Vittorio expressed that we should do more to help people migrate from SAML to OpenID Connect. John reported on staffing problems at research institutions. Mike said that at TNC/REFEDS there was talk of competent IT staff being picked off for much higher salaries. Gail asked if the board wanted to authorize funds to research the topic. There was no support expressed for doing so. Nat said we should continue discussions on the topic on board-private or Slack.

[ Andre Priebe joined at this point ]
[ Atul Tulshibagwale left at this point ]

7. SSE Tactics to Achieve Scale

Nancy told us about outreach efforts for SSE. There was a press release on 6/20. They have a booth at Identiverse. Cisco is hosting a site with a reference implementation of SSE. Nancy would like the OpenID Foundation to take that over. She'd like to see certification for SSE. She hopes to see interop testing in the fall. Nancy is raising awareness among her enterprise customers. We discussed privacy perceptions and how they might affect adoption. We will continue discussions.

8. IoT Whitepaper

Andre Priebe of the iC Consult Group asked us about interest in doing IoT work. He said that Fulup Ar Foll of IoT.bzh and Hannes Tschofenig of ARM were asking the same question. The board will discuss possibilities over dinner.

[ Yuriy Ackermann and Dima Postnikov joined at this point ]

9. Ukraine

Yuriy Ackermann of the Hideez Group reported on a ~100-fold increase in cyber attacks since before the start of the invasion. That said, Russia is having an easier time destroying critical infrastructure with bombs than with cyber attacks. Ukraine has implemented robust online infrastructure. Microsoft and Yubico are helping both the government and critical infrastructure providers. Online government services continue operating, despite the physical attacks. Online systems are becoming a fundamental aspect of national security. Yuriy said that a barrier is the lack of localization of pertinent documentation. If you don't speak English, it's hard to know how to secure IT systems. He said that policies for strong security and authentication are being put in place. He said that the war is a crisis that may enable making Ukraine the most cyber-secure country in the world. Hideez has established a secure supply chain to import hardware into Ukraine. They have shipped tens of thousands of Yubikeys donated by Yubico. They have a goal of shipping a million Yubikeys by the end of the year.
