A quick link on
ac.openid.net will be added that points to that mailing list post
Future updates to the process will similarly be decided on the AC WG and the "quick link" will be updated to point to the latest process
PROCESS:
PROCESS TO CHANGE THE PROCESS
Any change to the process must be discussed and approved by the AC working group.
Except in the case of an urgent security threat, any proposed changes should be posted for review for 2 weeks before the WG makes a final decision to accept the new process.
The process (and any approved updates to it) will to be posted as a message to the AC WG.
The main website of the Account Chooser working group will have a reasonably easy to find link to that mailing list post for viewers who want to find the current process
The OIDF board has the ability to veto any suggested change. However it is the responsibility of the board to monitor the AC working group for any suggested process changes and to indicate their desire to be involved in the final decision. The working group is NOT required to request specific approval from the OIDF board for changes.
VENDORS
There may be one or more vendors involved in managing the Account Chooser services for things such as domain mgmt, SSL cert, DNS, hosting, etc.
In general the vendors should be active OIDF sustaining corporate members, but that is not required.
If the vendor is a corporate member, then their default contact is their board representative
The additional vendor contacts are listed below, and the vendor agrees to keep that list reasonably up to date. The contacts can include the email/phone#s of teams at those vendors.
It is understood that the primary vendor may use other vendors to provide the service
PROCESS FOR CHANGING VENDORS
The Account Chooser working group can change the vendors, or the responsibility of the vendors as defined above in the "PROCESS TO CHANGE THE PROCESS"
The vendor should only change/transfer responsibilities AFTER (1) the updated approved process has been posted by the workgroup & (2) the contact at the vendor has been notified by a member of the workgroup or the OIDF board.
If the vendor has major security/operational concerns about the change/transfer, they should notify the OIDF board for verification of the change. However the vendor should make a best faith effort to raise those concerns as part of the workgroup "process to change the process."
VENDOR COORDINATION
When multiple vendors are involved, they may need to coordinate interactions, including changes requests for things such as DNS server names, IP addresses, etc.
The listed contacts at one vendor should only accept change requests that came from the listed contacts at the other vendor
If the vendor has major security/operational concerns about the change/transfer, they should notify the AC WG for verification of the change request.
CURRENT VENDORS/CONTACTS
Symantec
Layers of responsibility: domain reg, pointer to DNS servers, SSL cert provisioning
Paul
Brian
mailing list?
Google
Layers of responsibility: serving the domain across multiple-data-centers, DNS load balancing across the data-centers, pushing new code
Eric
Naveen
mailing list?