December 3, 2015 OpenID Executive Committee Call Minutes

Present:
Don Thibeau, Executive Director
John Bradley
Mike Jones
George Fletcher
Nat Sakimura
Adam Dawes

Visitors:
Mike Leszcz, Open Identity Exchange (OIX)


1.       Repositories for Open Source Projects

John asked if there was any problem using GitHub for working group projects.  
(Some working groups, such as Account Chooser, already have some sources in 
GitHub.)  Nat said that the OIDF originally chose Bitbucket over GitHub 
because Bitbucket supported OpenID login and GitHub didn't, and because at the 
time it supported https whereas GitHub didn't.  (It now does.)  Mike pointed out that 
the main thing is that only working group members who have signed the IPR 
agreement can have commit rights to software produced by the working group.  
Adam asked whether edits need to be blessed as contributions.  Mike said that 
this can be accomplished by having checkins result in e-mail to the working 
group.  (The IETF does this.)


2.       Non-Member Certification Pricing

We have received feedback from several parties on the currently approved 
non-member pricing structure.  The pricing exercise requires a balance between 
promoting adoption, covering our costs, and incentivizing foundation 
membership.  Global Inventures encouraged us to have a clear rationale for the 
pricing structure.  Don suggested that we may want to consider a cap on the 
non-member price for OP certification.  (He noted that we will separately 
consider non-member RP pricing next year.)

Don plans to put together a year-end summary of our investments to date in 
establishing the certification program.  We will then have a statement on 
record about what we've spent thus far.

John pointed out that we need money to continue revising the tests and running 
the certification test site.  Mike pointed out that we will also need funds to 
renew the contract with Roland Hedberg to operate the certification test site.

Adam had earlier said that he'd like to see a world where every professionally 
run OP gets certified.  Adam said that the current pricing fits for commercial 
software service providers but not necessarily sites where Identity is not core 
to their business.  Adam said that if participation in a trust framework 
requires a certification that is too expensive, it will dampen participation in 
the trust framework.

Pricing on a per-domain basis was suggested.

Adam had also previously said that it would be good if someone with normal 
signing authority could approve the certification cost, rather than it 
requiring signoff by a senior VP.  As a straw-man, Adam said that that price 
would be more like $1000.  SaaS providers ideally want all the OPs they're 
interacting with to be certified, for quality reasons.

George asked whether, for instance, the PingFederate certification would cover 
deployments of PingFederate.  John replied "not necessarily", but there might 
be a way to make that easier.

Adam suggested a $1000/domain price for any provider running software that has 
not been certified, whereas we would have a lower price for those deploying 
certified software.  Mike suggested $999/domain for those running non-certified 
software and $499 for those running certified software.

Nat asked whether we can tell whether someone has modified the certified 
software.  Mike suggested that that's impossible and not in our interest.  
George said that if someone lies about something, their certification could be 
invalidated anyway, when detected.  John said that since they'd be running the 
tests anyway, that's more than a high enough bar.

Don said that this seems easy to understand, easy to administer, and easy to 
defend.  All the executive committee members concurred.

A next step is for Don to create the costs report.  Mike said that Don should 
also communicate to the board that we suggest revising the pricing as described 
above, given that there was previously a board vote on the pricing.  Don will 
create appropriate messaging to the board.


3.       Web Site Software Status

Mike reported that our web site contractor Darin Richardson at delineate.net 
has written updates to the openid.net software to make it easier for Global 
Inventures to keep their database and our member database in sync.  He has also 
implemented the charging functionality for certification.  These updates are 
currently being tested.

Meanwhile, Nov Matake, the author of widely-used Ruby OpenID Connect RP 
software and frequent Connect contributor, has submitted changes to Darin that 
enable OpenID Connect logins to member accounts in parallel with the current 
login functionality using Janrain Engage.


4.       Upcoming Meetings

There will be an iGov working group meeting the afternoon of Wednesday, January 
13th following a NIST identity workshop on the 12th and 13th in Gaithersburg, 
Maryland, US.  OIX will have a meeting in Washington, DC on the 14th covering 
topics including safe harbor.
