Scott Johnson | 23 Mar 2013 02:20

[OpenID] General questions for developing an OpenID portal

 

Hello,

 

  I’ve been reading up on the docs for both DotnetAuth and OpenID lately.  I have a few questions as I’m not fully understanding the different pieces that would be necessary to code to create my own OpenID provider and portal.  I was hoping someone can tell me specifically what pieces I need to code for what I need to do below.

 

  I do have very specific technical reasons why I need to develop my own OpenID portal in my product line. 

 

My current product manages user IDs. 

 

What I need my program to do is create a page of links (portal), e.g. Google Apps, Moodle, etc… on a page that a user can click on which will then pass them through to the site with their currently logged in credentials (SSO).

 

I know I’ll need to code an identity provider.  But will I need to code a relying party for the local portal to work?

 

Thanks for your insight; it’s much appreciated!

 

_______________________________________________
general mailing list
general <at> lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-general
Nat Sakimura | 15 Mar 2013 22:49

[OpenID] German eID Card now used with OpenID

I just came across this article of March 4. 

I cannot read German, so I am Google-translating it. I do not know the fidelity of it, but apparently the combination of German eID and OpenID was approved by the State Procurement Agency for authorization certificates (VfB) so that official website operators can authenticate users with their eID card legally. Correct me if I am wrong. Perhaps a German reader can further explain what it is. I am also interested in how they implemented the authorization certificate / terminal certificate portion. 

http://www.itespresso.de/2013/03/04/kartenleser-pruft-identitat-fur-openid-per-personalausweis/

Best, 

--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
Nat Sakimura | 20 Jan 2013 05:11

[OpenID] Google Declares War on the Password

FYI.

Google Declares War on the Password  http://t.co/nLDloxui "USB-based
Yubico log-on devices"

=nat via iPhone
Don Thibeau | 14 Jan 2013 16:02

[OpenID] The OpenID Foundation (OIDF) community board member election call for nominations


The OpenID Foundation (OIDF) community board member election call for nominations will open on Monday, January 7.

All members of the OpenID Foundation are eligible to nominate themselves, second the nominations of others who self-nominated, and vote for candidates. If you are receiving this email, you are an OIDF member in good standing and will receive an email on January 7 advising you that the election is open and how to participate.

Voting and nominations are conducted using the OpenID you registered when you joined the Foundation. You will need to log in with your OpenID membership credentials at https://openid.net/foundation/members/ to participate in the nomination and voting. Please send an email to help <at> oidf.org if you experience problems participating in the election.

The Foundation plays an important role in the evolution of Internet identity technologies. Those elected will help determine what role the OIDF should play in helping facilitate faster and broader adoption of open standard identity systems.

Board participation requires a substantial ongoing investment of time and energy. It is a volunteer effort that should not be undertaken lightly. Should you be elected, expect to be called upon to serve both on the board and on its committees where the work of the foundation is conducted. If you’re committed to OpenID and advancing open digital identity and are a person who works well with others, we encourage your candidacy. The OIDF’s Executive Committee has suggested a few questions candidates may want to publicly address in their candidate statements:

  1. What are the key opportunities you see for the OpenID Foundation in 2013?
  2. How will you demonstrate your commitment to the work of the foundation in terms of resources, focus and leadership?
  3. What would you like to see accomplished over the next year, and how do you personally plan to make these things happen?
  4. What resources can you bring to the foundation to help the foundation attain its goals?
  5. What current or past experiences, skills, or interests will inform your contributions and views?

Candidates can address these questions in their election statements on various community mailing lists, especially openid-general <at> lists.openid.net.

Last year two community board members were elected to 2-year terms and so are not standing for election:

  • Greg Keegstra
  • Axel Nennker

Other current community board members may seek re-election. They are:

  • Nat Sakimura
  • Mike Jones
  • John Bradley
  • Kick Willemse
  • George Fletcher

For the purposes of the 2013 election, there are 6 confirmed sustaining members: Google, Microsoft, PayPal, Ping Identity, Symantec, and Verizon. Thus, we will be electing 5 community members to the Board of Directors to bring the total number of community members to 7. To preserve the staggered election structure so that half of the community board members will be elected every year, the 4 candidates (half the number of community members, rounded up) receiving the most votes will be elected for 2-year terms and the candidate receiving the next amount of votes will be elected for a 1-year term, resulting in 3 board members being elected in the subsequent election given a stable number of sustaining members. In the case of a tie between the candidates receiving the 4th and 5th number of votes, both will receive 1-year terms. In order to be eligible for election, a candidate must be seconded by at least three other members.

The election will be conducted on the following schedule:

  • Nominations open: Monday, January 7, 2013
  • Nominations close: Monday, January 21, 2013
  • Election begins: Wednesday, January 23, 2013
  • Election ends: Wednesday, February 6, 2013
  • Results announced by: Wednesday, February 13, 2013
  • New board terms start: Wednesday, February 27, 2013

Times for all dates are Noon, U.S. Pacific Time.

Please forward questions, comments and suggestions to me at don <at> oidf.org.

Regards,

Don Thibeau
Executive Director
The OpenID Foundation

P.S. Members should also know that the foundation will be holding a vote to approve a second set of Implementer’s Drafts of the OpenID Connect specifications soon. An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. We expect the candidate specifications to be ready for the 45 day public review period soon. Watch the announcements at http://openid.net/ and your mailbox for announcements about this upcoming review and vote.







Don Thibeau | 15 Nov 2012 16:25

[OpenID] Comments on New Jersey's decision to allow voting by e-mail.

Comments on New Jersey's decision to allow voting by e-mail.
http://www.crypto.com/blog/njvoting/
https://freedom-to-tinker.com/blog/felten/new-jersey-voting-in-the-aftermath-of-hurricane-sandy/ or http://tinyurl.com/b4eevle
https://freedom-to-tinker.com/blog/appel/oral-arguments-124-in-nj-voting-machine-lawsuit/ or http://tinyurl.com/axzqq5o

Don Thibeau



Peter Williams | 3 Nov 2012 16:48

Re: [OpenID] One developer's first encounter with account chooser (openid connect?)

I was never originally very excited by user-centric identity or the notion of the self-signed CA of SSL website (earlier) - coming partly from the highly indoctrinated, yes-sire, no sire,  govt world of centralized security policy management, big sticks, mega-money, and reams of audit paperwork that nicely masks over the (typically wide) cracks  - to suit the desired governance doctrine of the day.
 
But, over the years, folks of the cryptoanarchy lilt did persuade me to recognize their cause - mostly because no harm has actually emerged. And, a certain novel trust doctrine emerged furthermore - based on low assurance crypto, and low-assurance key distribution. It scales in a manner which I think W3C founder-class thinkers once-called “webby”.
 
Anyways, I don't hear much about “user centric” identity today. Perhaps the funding has gone away, as most folks seem to be taking a trickle of silver coin hoping for the talons of gold on offer from Augustus’ treasury. So I thought I’d go retro and just now consider the openid pitch of a few years ago (remembering who used to say what, back then). If one plays with those discarded ideas NOW - using modern forms of the technology - what can one now do? Note I say one, not we - hoping to capture the individual as a person, distinguished from you as some corporate “subscriber”.
 
I asked myself: is there a role for user centric identity any longer in the openid community? If so, what can one build in a day? (See http://wp.me/p1fcz8-35W  for my own effort). Since the UCI term has no real meaning these days, I interpreted it in the sense of a DARPA working in the early internet: get to “survivability”, for the individual.
 
Is “UCI” really dead, in openid land? Or is there a new word for it?
 
Sent from Windows Mail
 
From: Peter Williams
Sent: October 27, 2012 12:39 AM
To: openid-general <at> lists.openid.net
Subject: RE: One developer's first encounter with account chooser (openid connect?)
 
Well I should give apologies to Google, as there IS a local login function in its account creator wordpress integration. Though ...it did take a week to find it. If you type a local account name into the box labeled "email", it does a classical local login (with local password challenge). 
 
 
Peter Williams | 24 Oct 2012 19:48

[OpenID] assurance concepts for OAUTH

I'm taking a good long hard look at OAUTH, these days, mostly because Microsoft have integrated it (much like signed DUA and signed DSA chaining operations from CCITT's X.500 1988 work) into both their Azure Directory tenant services and their data service API frameworks, more generally. This tells me there is a certain maturity - a signal that I'd be prudent to note.
 
One thing I note as I read is an omnipresent assumption - that is really just not warranted. Much of the terminology and the design features implied by wording would have it that oauth tokens are directly consumed by resources, with application-layer access control guards.
 
From everything I've learned over the last 5 years of token-passing schemes deployment, it is rare - outside webby/scripting php/asp.net type software - that legacy resource systems for lines-of business type software directly consume the tokens. Rather, they have their proprietary/legacy guards and expect to continue to use them - now supported by a translation unit that converts such as oauth tokens into the proprietary/legacy token.
 
For example, a SID claim in an oauth token may well be what drives the ACL function of a windows-centric guard, when accessing a file resource. A trusted process (in assurance theory) converts the oauth token to the SID, and the SID and the ACL rules are enforced by the reference monitor all of whose integrities are secured by the kernel of a CC-evaluated OS. Typically, the process must also translate authorization constructs, from layer-7 group constructs to properly-designed resource-centric groups maintained by such as an AD GC server. For all I know, this may all be driven by an OAUTH/Kerberos-ticket handoff.
 
Folks may want to bear in mind the assured world, when writing. Not everything is a php script working with name/value pairs.
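
Added example, not part of the post above or of any product it mentions: a sketch of the translation-unit arrangement the message describes, where a trusted process verifies the token and hands the legacy guard only SIDs, with application groups mapped to resource-centric group SIDs. The token format (HMAC-signed JSON, not an OAuth wire format), the key, SIDs, group names and file path are all constructed assumptions.

```python
import base64, hashlib, hmac, json, time

# Every key, SID, group name and path here is a constructed sample value.
KEY = b"constructed-demo-key"            # shared by token issuer and translation unit
LEDGER = r"\\fs\finance\ledger.xlsx"     # hypothetical legacy file resource
# Layer-7 (application) group -> resource-centric group SID held by the directory.
GROUP_MAP = {"app:finance-readers": "S-1-5-21-1000-2000-3000-5001"}
ACL = {LEDGER: {"S-1-5-21-1000-2000-3000-5001": {"read"}}}


def issue_token(claims):
    """Stand-in issuer: base64url(JSON claims) + '.' + HMAC-SHA256 hex tag."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + tag).decode()


def translate(token, now=None):
    """Trusted translation unit: token in, legacy principal (SIDs only) out.

    Returns None for a malformed, tampered or expired token.
    """
    now = time.time() if now is None else now
    try:
        body, tag = token.encode().rsplit(b".", 1)
        expected = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, UnicodeError):
        return None
    if claims.get("exp", 0) <= now or not str(claims.get("sid", "")).startswith("S-1-"):
        return None
    # Groups with no resource-side counterpart are dropped, not passed through.
    group_sids = {GROUP_MAP[g] for g in claims.get("groups", []) if g in GROUP_MAP}
    return {"user_sid": claims["sid"], "group_sids": group_sids}


def access_check(principal, resource, right):
    """Legacy guard: decides from SIDs and the ACL, never sees the token."""
    if principal is None:
        return False
    sids = {principal["user_sid"]} | principal["group_sids"]
    entries = ACL.get(resource, {})
    return any(right in entries.get(sid, set()) for sid in sids)
```
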
 
 
 
 
nieuws groep | 22 Oct 2012 00:08

[OpenID] EU OpenID Summit 21st November The Hague Netherlands - 45 free seats available

All,

The OpenID Foundation is hosting an EU OpenID workshop as a joint event with the Identity.Next Conference on November 21st.  It will be held in The Hague, The Netherlands. The OpenID Foundation runs a series of workshops like this one for business decision makers, as well as running other OpenID summits that are more technical.

The event is for the owners of consumer websites, citizen oriented government sites, and enterprise SaaS services to discuss how to improve login systems by using techniques such as OAuth, OpenID and an Account Chooser.

Please join us on Thursday, November 21st, 2012 from 11:00 until 15:00 GMT.

We have 45 free seats available to visit the OpenID summit on the second day. The Identity.Next event is a two day event; people are also able to attend the first day with only a one-day entrance fee. Check the identity.next website for more information about the conference (www.identitynext.com).

REGISTER NOW! Registration is open at the following link for the 45 free one-day seats (select general admission (one day)):

http://idnext12.eventbrite.com/?discount=IDNEXT12-OPENID

Location:
New Babylon Center
Koningin Julianaplein 30 - 2595, The Hague
The Netherlands

DRAFT AGENDA:

11.00-11.30 Introduction OpenID foundation Nat Sakimura

11.30 -12.15 The OpenID connect Protocol and Mobile Demonstration John Bradley

13.30 – 14.15  Improving the user experience of sign-in using an Account Chooser Nat Sakimura

14.15 – 15.00 Business benefits for relying parties accepting OpenID Kick Willemse

 

 

 


Peter Williams | 17 Oct 2012 20:59

[OpenID] a developer's first encounter with account chooser (openid connect?)

In a word: frustrating. http://wp.me/p1fcz8-2YW. It was frustrating on multiple levels, some of them political, some about clearly overzealous monitoring of RP matters, and some due to an obvious lack of willingness to listen to mature RP communities and their requirements for adoption. But, what's new.
 
Obviously the code is fixable, but one worries about the very "idea" - there seems a desperation in the desire to remove local IDPs - including those granting access to privileged administrator configuring (broken) federated logon!
 
To be fair, the default Microsoft ASP.NET web app project built by the released version of visual studio 20102 doesn't work, either - when taking up the federated (OAUTH/openid) login option and its display of a set of IDPs, configured locally. It doesn't even compile, link and load! Thus, I have not even got so far as to work with its attempt to showcase Openid Connect, or see if things interwork yet with Google's implementation, etc.
 
 
 
Peter Williams | 17 Oct 2012 21:03

[OpenID] One developer's first encounter with account chooser (openid connect?)

In a word: frustrating. http://wp.me/p1fcz8-2YW. It was frustrating on multiple levels.
 
Obviously the code is fixable, but one worries about the very "idea" - there seems a desperation in the desire to remove local IDPs - including those granting access to privileged administrator configuring (broken) federated logon!
 
To be fair, the default Microsoft ASP.NET web app project built by the released version of visual studio 20102 doesn't work, either - when taking up the federated (OAUTH/openid) login option and its display of a set of IDPs, configured locally. It doesn't even compile, link and load! Thus, I have not even got so far as to work with its attempt to showcase Openid Connect, or see if things interwork yet with Google's implementation, etc.
 
Sent from Windows Mail
 
Mike Jones | 5 Oct 2012 01:34

[OpenID] OpenID Meeting at IETF 85

 

 

From: openid-specs-ab-bounces <at> lists.openid.net [mailto:openid-specs-ab-bounces <at> lists.openid.net] On Behalf Of John Bradley
Sent: Tuesday, October 02, 2012 8:45 PM
To: openid-specs-ab <at> lists.openid.net Group
Cc: openid-connect-interop <at> googlegroups.com; openid-specs-backplane <at> lists.openid.net; openid-board <at> lists.openid.net; marketing <at> lists.openid.net
Subject: [Openid-specs-ab] OpenID Meeting at IETF 85

 

OpenID Meeting

People interested in OpenID Connect, Account Chooser, and how they relate to IETF specifications such as OAuth, JSON Web Token (JWT), and JSON Object Signing and Encryption (JOSE) are meeting at IETF #85.  We will meet at 1:00 on Sunday, November 4th, and have the room all afternoon.  An overview of the specifications and status will be provided and open issues and next steps will be discussed.

 

Register at http://connect-ietf-85.eventbrite.com
