I just noticed that this thread was not happening in the mailing list but only on a list of mail addresses. Posting to the list now (with some edit since there are things that was determined already on IDTBD side.)
=nat ---------- Forwarded message ---------- From: Nat Sakimura <[email protected]> Date: Mon, Apr 6, 2009 at 12:20 PM Subject: Re: Brett's proposals? To: "Don Thibeau (OIDF ED)" <[email protected]>, Brian Kissel <[email protected]>, Scott Kveton <[email protected]> Cc: Nat Sakimura <[email protected]> Hi. My comments inline: -------------------------------------------------- From: "Don Thibeau (OIDF ED)" <[email protected]> Sent: Sunday, April 05, 2009 10:46 PM To: "'Brian Kissel'" <[email protected]>; "'Scott Kveton'" <[email protected]> Cc: "Sakimura Nat" <[email protected]>; "'Nat Sakimura'" <[email protected]> Subject: RE: Brett's proposals? > Scott > Let add this to our Monday discussion > > Don > > From: Brian Kissel [mailto:[email protected]] > Sent: Wednesday, April 01, 2009 9:13 PM > To: Scott Kveton > Cc: Don Thibeau (OIDF ED); Nat Sakimura ([email protected]); Nat Sakimura > ([email protected]) > Subject: RE: Brett's proposals? > > > This is from the presentation material that Brett sent to the board. Nat, do > you have any other material or thoughts? > > > OpenID-relevant Programs > • Marketing > – OpenID branding program (could brand > than spec?) This is not there anymore. It was merely a tossing up an idea on part of Brett, and it was subsequently dropped. > > – Relying Party “Users Group” summits (Privacy, UX, Assurance, Requirements, > Best Practices) This is probably a topic that we could find a synergy. For example, for UX, both OpenID and SAML uses redirects and finding a UX and educating the users on appropriate action on them is something both community can benefit from. Privacy, Assurance, Requirements are something that Liberty has been good at. Since they have good amount of technology consumers such as government, they are good at dealing with these topics. OpenID community probably would be able to gain from working on these topics with them. > – Published Case Studies, Testimonials & Awards > – Analyst “tours” & ongoing AR management > – Public Relations: formal and grass-roots These comes under the "Education and outreach", I think. For Analyst "tours", doing it together with them (SAML people) will limit their ability to downplay OpenID. This is good for us. Also, eventually, we will get a better understanding from Analyst. For general pubic education, I think it is important to portray it as "Proprietary Silo v.s. Standard Based SSO", for example. We can definitely coordinate on this line to expand the SSO opportunities. Given that the vast majority of the market is in "Proprietary Silo" camp, it is absurd to be fighting inside the small territory we have now. > – IDTBD “conferences” internationally We should definitely piggy back on this. That's what OpenID Japan has been doing in Japan, without any cost on us! For many of the audiences, these opportunity happened to be the first real exposure to OpenID, and many of them got interested, and later joined OpenID Japan. For example, OIDF-J has the top bank, the top insurance, the top retailer, all three mobile carriers, etc. I found them in Liberty "conferences". Yes. I being there has also contributed to attract more audiences, but if OpenID is better, why should we worry that these people will convert to the other camp? > – Speakers Bureau & Conference placement program If we can agree that the battle to be fought is against "Proprietary Silos", then we should be able to coordinate the message and do this. > • Certification (combination of formal & informal) This is something that Liberty excelled in the past. We should be able to leverage on their experience. Product certification is kind of important from the buyer's perspective, you know. > – Interoperability (OpenID, Oauth, InfoCard, SAML, XDI, WS*, ID-WSF, Portable > Contacts, etc.) This is Concordia and OSIS. We should continue doing it. > – Identity Assurance (OP’s at level 2) RPs need Identity Assurance. Although there are other Identity Assurance projects (e.g., ISO and ITU), it is fair to say that Liberty's framework is one of the baseline that we have right now, especially on the auditing etc. > • Funded one-off projects (research, bounties, events, SMEs, etc.) They have more fund than we do. We could benefit from them if we can persuade them. Also, this is a cost saving opportunity for us. > > Relationship b/w OIDF & IDTBD > • OIDF & IDTBD coordinate investments > – reciprocal membership (Board level?) If it is a reciprocal membership at the same fee, it has no financial impact, so it may be good to have as well, though, I must note that OIDF Board is much more powerful than IDTBD board. > – joint marketing committee (events & campaigns) Joint marketing committee is good to have. We could save substantially on the market research cost etc. > • OIDF uses IDTBD governance & infrastructure > – Common Work Groups OIDF is a Standard Setting Organization while IDTBD is not. What IDTBD could provide is the precursor to the OIDF WG, that we are lacking right now. We may be able to leverage on their infrastructure to save our cost. For the infrastructure, it is a cost saving opportunity as well as a good advertisement opportunity and they agreed to support OpenID in their site. Once that is done, all the IDTBD members are going to be exposed to OpenID, and some member might want to support the Company's OP. Somebody like JanRain or Vidoop may be able to help them out as well. > – Common membership? (needs more discussion) As a community board member, I would have to ask "how much overlap do we have here?" If there is little, common membership would not have too much financial impact. If they do, it means something. >From an individual company's point of view, it is good to have common membership, though. > – Coordinated branding (“XYZ, an OpenID IDTBD Initiative”) I do not think it will work, at least for the short term. > – Common marketing programs > • Market Impact on OpenID: increased acceptance by Gov & Enterprise & Telco, > greater utility = greater value to users That's what OIDF-J has been doing, and we benefited greatly. IMHO, we should explore this in the U.S. and other countries especially Europe and Oceania as well. IDTBD has much more international footprint than OIDF. We should leverage on it. Technically, we can also leverage on the network for the internationalization. I understand that there are concerns among the board members that the name OpenID being associated with IDTBD is detrimental and distracting. Unfortunately, I have not fully understood why nor have seen the logical reasons behind it. This may be due to some market conditions or some "planned activities" in the U.S. that I am not familiar with. It would be good to find them out (#1). > • Operational Impact on OIDF: less overhead = less cost, free to direct > resources on high value OpenID-specific activities Now that we have Inventure in place, this may be a little less of an issue than before. However, there are bunch of other services that IDTBD could provide. I think it is worthwhile studying them. Some additional (but somewhat overlapping) points: * Policy and Legal IDTBD has more international footprint and international governmental representation. Thus, it is easier to deal with Policy and Legal issues there than at OIDF. We could leverage on it. * Accessibility As government has to be accessibility conscious, and these tends to differ from one language to another, IDTBD seems to be a better fit forum than OIDF for this kind of thing as well. We could leverage on IDTBD for this kind of things. * Cross-communities coordination and collaboration Reach to IDTBD members, such as Telco, Financials, Governments, etc. As outlined above. A lot of them misunderstand OpenID as inherently insecure protocol that is not usable by them. We can re-educate them by going into their forum. IMHO, it is a big "+" in terms of the cost benefit overall, unless (#1) is really substantial. Now, in reality, as an immediate next step, I would like to suggest the following: (a) SAML/OpenID Interop WG As far as I know, either the STORK project (EU governments) or IDABC will start the interop later this year. It would be good to start a WG at IDTBD on this to provide a technical feedback to them. Note: Concordia is just requirement gathering, so this WG is a step ahead. It might create a compatible profile or may result in requesting both SSTC and OIDF to create a profile/extension. (b) Embrace their launch Whether OIDF likes it or not, IDTBD gets launched. It is better then to embrace it than ignore it, as a gesture of "Openness", by issuing a comment or endorsement that states OIDF is pleased that IDTBD is formed to strengthen the requirement gathering and interop etc. for the identity technologies. I know many of you dislike the past behavior of the Liberty Alliance of their closedness etc. I am one of them, actually. But we must not replicate that closedness. Them being closed and us being open and embracing gives much better market perception than us retaliating to their past behavior. If we can agree on (a), then it might be good to include it in the comment. Cheers, =nat > > > > Cheers, > > > > Brian > > ============== > > Brian Kissel > > Cell: 503.866.4424 > > Fax: 503.296.5502 > > > > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Scott Kveton > Sent: Wednesday, April 01, 2009 5:25 PM > To: Brian Kissel > Subject: Brett's proposals? > > > > Hi Brian, > > > > I can't seem to find any of Brett's proposal to the board in my email. > > Can you forward something over if you can find it? > > > > Thanks, > > > > - Scott > > > > > > __________ Information from ESET NOD32 Antivirus, version of virus signature > database 3982 (20090402) __________ > > > > The message was checked by ESET NOD32 Antivirus. > > > > http://www.eset.com > > > -- Nat Sakimura (=nat) http://www.sakimura.org/en/ _______________________________________________ board mailing list [email protected] http://openid.net/mailman/listinfo/board
