[OpenID board] September 3, 2020 Executive Committee Call Minutes
September 3, 2020 Executive Committee Call Minutes Present: Don Thibeau - Executive Director Mike Jones Nat Sakimura Bjorn Hjelm John Bradley Absent: George Fletcher Visitors: Mike Leszcz - OpenID Foundation Tom Smedinghoff - Locke Lord LLP 1. Don's Communication with the Board Don has been reaching out to the board and has spoken with most members. He's also e-mailed the board. 2. Bjorn's Conversation with James Bryce Clark at OASIS Jamie was willing to attend our next EC call. We'll have a board meeting before that as currently scheduled. Bjorn believes that the next EC call is October 1st. In OASIS' hiring process, there had been multiple conversations between the board and their candidate before the offer. Nat said that the OASIS position was vacant for nearly a year. Jamie didn't tell Bjorn how they reached out to candidates. Mike Jones said that he believes that time is of the essence and we don't want to wait until October 1st to get going with the hiring process. Ideally, we'll be making an offer before Don's tenure ends so Don can help mentor the new hire. 3. Meetings Meetings are currently scheduled as follows: A board meeting is scheduled for Thursday, September 17th. An EC call is Thursday, October 1st. A board meeting is Thursday the 15th of October. An EC meeting is Thursday, December 3rd. The OIDF Virtual Workshop will be Wednesday, October 28th. Mike Leszcz will also schedule EC calls for November 5th and 19th. We will try to have an EC call with Jamie on September 10th. Mike Leszcz will reach out to Jamie for scheduling. 4. Hiring Committee Nat asked if we should reach out to the full board for hiring committee participation. We agreed on a committee of size five. Mike Jones suggested having a conversation with Eric Sachs about his experience hiring the last time. Mike and Bjorn will be on the call. Mike Jones asked Don for his recommendations. Don suggested that we invite into the process people from the community and from the corporate members. Don noted that the whole board is male and we should intentionally reach out to women and minorities. Nat and Bjorn should solicit input from all the board members. Don believes it's good to have a single point person for the hiring process. We thanked Bjorn for being willing to do that. 5. External Communications Don has drafted an external statement. Mike Leszcz proposed that we post it the day after the board meeting, which would be Friday, September 18th. Dale Olds will communicate to the corporate members. George Fletcher will communicate to the individual members. Nat will make a statement on behalf of the foundation. These will go hand-in-hand with the blog post. Mike Leszcz will work on drafts of all of these. 6. External Engagements Nat and Don want Don to focus on external engagements during his remaining tenure. The OIDF's Response to the EU Expanding the scope of eIDAS is one instance. At the FDX Developer's Conference, Joseph Heenan, Nat Sakimura, and Stuart Low from Australia will keynote. Mike Leszcz and Don have put together a list of relationships and contacts. Nat said that we should do our best to involve those from external organizations in our working group processes. 7. Certification Migration We decommissioned the old Python-based certification suite on August 31st. Now only the new Java-based suite is running. It is now in production mode and we are charging for certifications. See the updated instructions at https://openid.net/certification/instructions/. 8. Job Description Mike suggested that people start thinking about the job description. Bjorn suggested that Don write a first draft, since he knows what it takes to do the job. Don agreed, while saying that it should be a starting point for us. September 3, 2020 Executive Committee Call Minutes.docx Description: September 3, 2020 Executive Committee Call Minutes.docx ___ board mailing list bo...@lists.openid.net http://lists.openid.net/mailman/listinfo/openid-board
[OpenID board] November 12, 2020 OpenID Board Call Minutes
November 12, 2020 OpenID Board Call Minutes Present: Don Thibeau, Executive Director Mike Jones John Bradley Wesley Dunnington John Summers Kosuke Koiwai and Takao Kojima Takehisa Shibata Dale Olds George Fletcher Nat Sakimura Arvind Kumar Garg Absent: Bjorn Hjelm Filip Verley Visitors: Mike Leszcz, OpenID Foundation Tom Smedinghoff, Locke Lord LLP 1. New Verizon Media Board Representative Arvind Kumar Garg introduced himself. He leads the membership platform, which is payment, identity, and privacy. He joined Yahoo ~11 years ago. 2. Transition Preparation Actions Don reported on some of the actions taken to assist in the executive director transition. We had discussions with Jamie Clark of OASIS and Lory Yeakle of Global Inventures. We have worked on a job description. We've reached out to Women in Identity and IDPro. 3. Liaison Updates We are maintaining active liaison relationships to promote our continuing relevance and leadership. The Global Open Finance Center of Excellence (GOFCoE) would like to relist our FAPI certifications as part of its proposed listing of open API standards. The GSMA is considering where to do future Mobile Connect standards work. The MODRNA working group is coordinating closely with them. We have established a liaison relationship with the Decentralized Identity Foundation (DIF), with Kristina Yasuda as our liaison officer. The Financial Data Exchange (FDX) has endorsed OpenID Connect and FAPI. They also want to re-list our certification results. We are working to establish a liaison relationship with the CARIN Alliance, which is in the healthcare space. The plan to use OpenID Connect. We are encouraging them to also utilize the OpenID Certification program. We have agreed to a liaison relationship with the Japanese Government Ministry of Economy, Trade, and Industry. We plan to improve eKYC for Legal Entity scenarios together. 4. Reuse of Certification Listings Four organizations have expressed interest in relisting our certification results. We are investigating licensing this information in a constructive manner. We may also be able to obtain some compensation for this licensing. Services could include permission to relist certifications, real-time notification of changes, and quality control reports - possibly on a quarterly basis. These relistings are important to these organizations, which are requiring certification to OpenID standards as part of their deployments. We could also license the use of OpenID trademarks in association with these listings. We have developed a draft licensing agreement. We are proposing $5,000/year for access to relisting certifications for a standard. For instance, FDX might license both OpenID Connect and FAPI certifications. We might consider changes to the way listings are shown to facilitate this relicensing. We are letting licensees link to the underlying data (the .zip and .tar files) but not copy it, as we are the only party that those performing the certifications gave permission to post their submissions. Nat Sakimura reported that the FAPI working group requested that the FAPI listings be shown separately and the entries be put in a database. Mike Jones expressed concerns with changing from a simple system where entries are published by editing a WordPress page to one where database entries are required and database query results are rendered. That would require new Web development for the site and a more complex data entry and listing process. Mike Leszcz said that we are early in discussions on how this might happen. Don reported that we would eventually want automatic synchronization with licensees. He said that we're working towards an additional revenue stream beyond the existing certification fees. 5. Certification Program Update Mike Leszcz updated us on the status of the certification program. We reduced the contract amounts by 50%. Hans Zandbelt has left the team. Serkan Özkan remains. Having a "minimum viable team" is putting stresses on the team. We are considering adding an additional programming contractor. FAPI certifications have picked up significantly over the past few months. Bank certifications tend to require a lot of hand-holding, which increases stresses on the team. Joseph implementation a submission form, which makes things easier for Banks, which may not have permissions to send e-mail attachments. [ Don Thibeau, Mike Leszcz, and Tom Smedinghoff left the call at this point ] 6. Leadership Transition Bjorn Hjelm updated us on the Executive Director leadership transition. Lori Yeakle of Global Inventures had suggested we move the split between what Don Thibeau does and what Mike Leszcz does for now, and otherwise maintain the status quo, particularly given the difficulty of reaching out to and interviewing candidates during the pandemic. During a search committee call
[OpenID board] August 27, 2020 Executive Committee Call Minutes
August 27, 2020 Executive Committee Call Minutes Present: Don Thibeau - Executive Director Mike Jones Nat Sakimura Bjorn Hjelm George Fletcher John Bradley Absent: (none) Visitors: Mike Leszcz - OpenID Foundation Tom Smedinghoff - Locke Lord LLP [While we didn't meet the week's quorum requirement for this meeting, everyone is in attendance, so we are empowered to have an official Executive Committee meeting.] [The meeting is being held in executive session.] 1. Don's Statement Don will remain involved in identity matters. He wants to enable a good transition and continued success for the foundation. 2. Transition Plan Mike Leszcz went through the Transition Plan deck that Nat shared with the EC. Points include: * We shouldn't be looking for a one-to-one replacement. * Mike Leszcz will continue to perform administration. * Bjorn Hjelm will be primary contact for external and internal inquiries about the ED position. * Don is willing to stay on until the first 2021 board meeting in February. * Don is willing to act as an ambassador during 2021. * Bjorn and John have agreed to continue in their existing roles. * There's a first half 2020 financial summary. We haven't seen any significant dropoff in membership. The certification program continues to be a significant budget investment. We are spending about $17,000/month on certification and taking in about $4,500. End of year we should have about $219,000. Mike Leszcz will distribute the summary to the EC. * The transition plan is a starting point. * Bjorn could lead a discussion at next week's EC call. * The board meeting was rescheduled to Thursday, October 15th. * We could have a meeting including corporate members next year. 3. Notifying the Board We should notify the full board soon and include them. Don volunteered to individually contact the other board members. Mike Jones suggested adding a board meeting in mid-September. Mike Leszcz will announce the board meeting on Thursday, September 3rd. 4. What qualities we're looking for in our next ED Mike Jones suggested that business skills are important. Nat said that this goes to the job description. Nat said that the ED should be able to keep the interests of the member companies in mind so that we'll have adequate funding and high participation. We want someone with strategic vision. Bjorn and John agreed. Mike invited Don to contribute to these thoughts as well. George said that fabulous people skills are key. 5. Establishing a Hiring Committee Mike Jones suggested that we establish a hiring committee. We talked about the hiring committee from ten years ago. He suggested possibly including Eric Sachs. We discussed having about 4-5 people interview candidates. 6. Timing John suggested that we leave the final decision to the new board but we start the hiring process soon. Mike Jones said that typically there is very little change of board members in February; John said that there could be changes, once people know that changes are afoot. George agreed and is in favor of getting started. He said that putting together qualifications could take some time. Nat suggested we try to bless the hiring committee at the September board meeting. Mike Jones stated that the hiring committee should include people who have done actual hiring. 7. Compensation John said that we will need to determine what we're willing to offer the candidate. Mike Jones agreed and said that, as always, it will partially depend upon what they bring to the table. 8. Outreach Mechanisms We discussed how to reach out to candidates. Don said they found him largely by luck. (Brian Kissel somehow knew of Don; Eric Sachs and he talked to Don; the rest is history!) Don reported that OASIS just conducted a year-long search for a new Executive Director. He suggested that James Bryce Clark could be a resource to us at this point. Bjorn will reach out to him. Their new ED is https://www.oasis-open.org/people/staff/guy-martin. 9. What will our public messages be? Possible messages include: Thank Don. The future remains bright. Parts or all of the job description. We should think about additional messages, timing of them, and their intended audiences. 10. Certification Migration Update We have certifications for all of the certification profiles on the new system except for four RP profiles. We're still trying to get those. We've updated the instructions to more clearly explain what people have to do to certify. We authorized Mike Leszcz to turn off the Python certification servers op.certificaiton.openid.net and rp.certification.openid.net at the end of this month. 11. Liaison Update We unanimously appointed Kristina Yasuda of Microsoft as the liaison officer to DIF. 12. Next Meeting There will be an EC call on Thursday, September 3rd at 3pm
[OpenID board] September 17, 2020 OpenID Board Call Minutes
September 17, 2020 OpenID Board Call Minutes Present: Don Thibeau, Executive Director Bjorn Hjelm Mike Jones John Bradley Wesley Dunnington John Summers Kosuke Koiwai and Takao Kojima Takehisa Shibata Dale Olds George Fletcher Nat Sakimura Absent: Filip Verley Lovlesh Chhabra Visitors on the Phone: Mike Leszcz, OpenID Foundation Tom Smedinghoff, Locke Lord LLP Pamela Dingle, Microsoft 1. Transition Plan Our main agenda item is discussing Don Thibeau's intention to resign as Executive Director at the end of 2020 or after the first board meeting of 2021. Don plans to stay active in identity and the OpenID Foundation. Bjorn Hjelm led discussions on establishing a hiring committee, looking for a replacement, timing of communications, and related topics. Mike Leszcz plans to send the public communications tomorrow. He said that we should summarize the call with James Bryce Clark of OASIS on their experience of finding a new Executive Director. Jamie reviewed their experiences and processes. He said that we should have a compensation range in mind. We should be clear on what we're looking for. We should understand where the candidates would like to take the foundation. Mike Leszcz said that we will intentionally be reaching to a diverse candidate pool. Pamela suggested that we also reach out to IDPro. Mike Jones reviewed some of the criteria that the ED had discussed. We need strong communication and relationship skills. The person should view the job as a mission and not just a paycheck. Mike described how OASIS had candidates give a presentation on what they saw OASIS doing well and badly and where they'd like to take the organization; this showed their vision for the organization, demonstrated the presentation skills, and their ability to work with the board of directors. Nat said that Don can continue to serve in an ambassador role for some time. Nat said that we need to write a job description. People asked whether the person needs to be in the US. We agreed that location is not a primary criteria. John Summers asked whether we could arrange for there to be some overlap between Don and the new ED. Don talked about the importance of maintaining momentum for our existing initiatives. Don said that he doesn't want to be a lame duck; he wants to remain engaged and continue raising our profile in partner organizations - particularly in the financial space. For instance, FDX has invited Nat to keynote an upcoming conference. Don and about a half dozen other foundation members will also participate. Nat ask Don think about new options for the certification program. (Currently the foundation is subsidizing the certification program.) Bjorn will be our single point of contact for the hiring process. Mike Jones said that we should have a hiring committee of 5-6 people who can commit to a lot of time to the process in the short term. Don commented that continuing a close collaboration with OpenID Foundation Japan is important, and that we need to be an international organization. Don suggested participation from OIDF Japan. John Summers said that we want the hiring committee to have global representation. Nat said that want to be a global organization, rather than an international organization. Bjorn asked people to let people know if they want to be on the hiring committee and to let him know of any potential candidates. 2. Treasurer's Report John Bradley reported that our current budget is stable. We do anticipate some revenue downsides from the pandemic. The high-value/high-volume FAPI certifications that we were hoping for haven't materialized. Our engagement hasn't resulted in most banks joining either, although there are some prospects. Cutting travel due to the pandemic has helped our budget. We have reduced our expenses in the certification realm. Mike Leszcz said that we have not seen membership drop-offs so far. PayPal downgraded from board membership to corporate membership. 3. Certification Update Mike Jones reported that we decommissioned the Python-based certification suite used for OpenID Connect certifications at the end of August, replacing it with the Java-based suite. We have renegotiated our certification staff contracts to reduce expenses by half. We expect CMA9 banks in the UK and big four banks in Australia to certify. HSBC has made 4 certifications and plans another. Don said that banks tend to move in herds. John Sommers asked how we generate more interest and adoption. Don said that the US/Canada marketplace is the big target, which should evolve in the next year. Don said that FDX is a big asset for reaching US/Canada banks. OpenID Connect is already built into FDX's plans. John Sommers asked if there is a specific call to action in Nat's FDX presentation. Nat said that most FDX members haven't yet adopted FAPI but he'll nudge them to participate in the FAPI 2.0
[OpenID board] September 10, 2020 Executive Committee Call Minutes
September 10, 2020 Executive Committee Call Minutes Present: Don Thibeau - Executive Director Mike Jones Nat Sakimura Bjorn Hjelm John Bradley George Fletcher Absent: (none) Visitors: James Bryce Clark - OASIS Mike Leszcz - OpenID Foundation Tom Smedinghoff - Locke Lord LLP [The meeting entered executive session] 1. OASIS Executive Director Recruitment Experience Jamie spoke to us about OASIS' recruitment experience. What he told us is confidential. OASIS has had about 4-5 EDs over the last 20 years. Two of the transitions were long, which were difficult. The board chairs took over during these periods and had to work harder than anticipated. It was awful for them. Jamie encouraged us to find an interim ED if we encounter a similar situation. OASIS has a well-connected board of eleven directors. They considered going to a head-hunter but eventually decided to do it themselves. Jamie thinks that was the right decision. It took the board way too long. It was hard to get quorum and go through resumes. That slowed them down. He would have wanted to finish a lot faster, if possible. People should commit to a process where they put in concentrated time. They decided to put the posting out in public. This is important for diversity. They got a lot of weird applicants that weren't qualified. They did get some surprising good candidates. They did not wait only for things to come in. They whittled it down to seven candidates and did meet in person, slightly pre-COVID. The search committee split into teams of three, met with the candidates, and recorded their interviews. Then others could view the interviews. They actively sought some candidates. They were pleased with the response that they got. The narrowed it down from seven to three after the interview round. We had to keep the identities and travel in strict confidence. We brought the three candidates to a board meeting in San Francisco in February 2020. We asked them to do a presentation about their perceptions of OASIS. That worked very well. You find out how good they are at presenting and dealing with boards. They did two rounds of interviews. They likely lost one or two candidates while they were taking their time. Being agile is important. They had to increase compensation significantly to get the quality of candidates that they wanted. This assumes that the board wants to increase the size and scope of the organization. Laurent was making under $200,000 in 2019. One candidate was offered a lot more money by someone else. They ended up in the $200,000s. OASIS is happily sitting on a business of technical committees and specifications. It has a substantial opportunity of growing. They wanted to be ready for a growth curve. A very senior staff member made some targeted background check phone calls. Their staff are employees of Insperity. There were some constraints from that. They checked for criminal activity. They did factual verifications of credentials. They spoke with people who had worked with the candidates. They posted the position on their Web site. They sent an announcement to their members. They made some calls and e-mails to colleagues at other organizations. They may have listed the position in a technical journal. Candidates have to know what you do to understand what the position is. OASIS didn't have a formal job description. They had a bullet list of things they were interested in seeing in the candidates. None of the seven finalists had dealt with OASIS before but they understood standards, open source, and membership organizations. You want somebody who really wants to do the job. You want them to have a sense of mission. Mike Jones asked how OASIS makes money. Jamie responded that pretty much everybody who has tried to make a cash cow out certification has failed. Certification is a wonderful way of generating business interest. He thinks we are doing certification right. OASIS annually invoices dues to member organizations. They can join at different levels. The dues are posted on the OASIS Web site. OASIS has a pay-per-organization model, with open board elections. Jamie suggested looking at Linux Foundation and others with different models. They create a separate balance sheet for each major endeavor. There may be more entrepreneurial pricing opportunities. For diversity, they burned up the phone lines. They wanted a diverse slate of candidates at each selection level. They have public statements about Diversity and Inclusion. They didn't take any additional formal steps. But they consciously sought a diverse pool of candidates. The board and search committee developed broad brainstorming lists, over several iterations. They called many potential candidates even though they might not be available. One sentence of advice: Trust Your Network! Jamie believes we'll come up with lots of good