What's in a name? That which we call the Open Web Foundation

7 views
Skip to first unread message

Eran Hammer-Lahav

unread,
Dec 10, 2009, 10:22:38 PM12/10/09
to open-web...@googlegroups.com
The one thing we do better than anything else is say what we are not about.

Over the past few months I came to the conclusion that the limited role we assigned this foundation - to produce a reusable legal framework for open specifications - does not justify the 'Open Web Foundation' name. In fact, it is the stuff we keep ruling out - the proposed openweb.org advocacy site, building infrastructure to host communities, or represent the Open Web community at large - which is what most people expect this organization to be about.

I strongly believe this is one of those cases where doing little is more damaging than doing none. Having an organization called the Open Web Foundation that is doing so little to promote and develop the open web is standing in the way of motivating others to do more. Names and appearances matter.

A few months ago I wrote about setting a new course. The general sentiment among the board was that we should remain focused on our initial limited objective of producing a reusable legal framework. There was little to no interest in raising funds and building a well-resourced organization that can deliver the infrastructure and support needed for end-to-end community projects.

At the same time, we are still being approached by other organization to participate in the greater context of the open web, solely based on our name and perceived purpose. It is also the name that brings greater attention to what we do. Calling our license "The Open Web Foundation Agreement" makes people treat it differently than if it was called "The Open Specification Agreement". This is like an organization called "The World Peace Foundation" produce a conflict resolution process aimed at solving fights between neighbors.

I am well aware of the complexity and risks involved in setting out to do much more than we are currently set to accomplish. I still believe it is well-worth it.

This organization was based on a reality that no longer exists. The communities we set to help are mostly gone or inactive. I am not aware of any new community-based initiatives emerging in the past 6 months.

At the same time, those who have been successful recently, such as the OpenID work with the US government, demonstrate the need for a much higher level of engagement and resources. I am sure the existence of a well-established foundation helped OpenID to be taken seriously. In addition, the recent experience with the OAuth brand (as used in OAuth WRAP) showed the danger of a lack of well-established governance for this work. The people who created OAuth have for the most part moved on, and the lack of governance around it is now threatening its future.

The OAuth model (which we originally used to justify this effort), produced a successful specification in a very short period of time. However, this seems to be the exception rather than the rule. Projects like Portable Contacts and Activity Streams have been lingering for a long time without producing final specifications. At the same time, they seem to be getting traction without having a legal framework in place. What they can use is more help with editorial / publication work and resources for tools and documentation. They also need to figure out what to do with their trademarks, website ownership, and decisions about future version.

It is no longer clear to me that what we are trying to do is aligned with reality.

The OWFa is an important document. I can tell you that I had multiple internal conversations at work where people suggested we used it for releasing work instead of creating our own license. Making it easier for companies to release IP under well-understood terms is a very good thing for the open web. But we don't need a foundation with 100 members and a 9 seats board for that. The upcoming CLA work is important but is being proposed based on the state of the community a year ago.

Our name, missing, and actions are now out of alignment with each other and with the reality of the open web.

Before discussing solutions, it would be great to hear how others feel about this.

EHL


DeWitt Clinton

unread,
Dec 10, 2009, 10:45:50 PM12/10/09
to open-web...@googlegroups.com
This merits a more lengthy reply, but in general I'd say we do still have plenty to deliver on within our original charter -- the next revision of the OWFa, creating the CLA, creating an incubation and best-practices process, etc.

All of those existing objectives, if targeted around helping open web technologies, such as OAuth, OpenID, PubSubHubbub, ActivityStreams, Salmon, Webfinger, etc., are perfectly aligned with our (still relevant) original goals.

I'd suggest we direct that vigor and energy into the incubation/best practices process.  Plenty of communities still need it.  Several of those communities are listed in the OWFa launch announcement.  And if we build an incubator, more communities will come.

Or did you have something else specific in mind?

-DeWitt



--

You received this message because you are subscribed to the Google Groups "Open Web Foundation Discussion" group.
To post to this group, send email to open-web...@googlegroups.com.
To unsubscribe from this group, send email to open-web-discu...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/open-web-discuss?hl=en.



Gabe Wachob

unread,
Dec 11, 2009, 12:38:11 AM12/11/09
to open-web...@googlegroups.com
On Thu, Dec 10, 2009 at 7:22 PM, Eran Hammer-Lahav <er...@hueniverse.com> wrote:
> Over the past few months I came to the conclusion that the limited role we assigned this foundation - to produce a reusable legal framework for open specifications - does not justify the 'Open Web Foundation' name. In fact, it is the stuff we keep ruling out - the proposed openweb.org advocacy site, building infrastructure to host communities, or represent the Open Web community at large - which is what most people expect this organization to be about.

GMW: I agree, the name always seemed bigger than the stated goals.
This was my concern with the *name*, not the *stated goals*.

> At the same time, we are still being approached by other organization to participate in the greater context of the open web, solely based on our name and perceived purpose. It is also the name that brings greater attention to what we do. Calling our license "The Open Web Foundation Agreement" makes people treat it differently than if it was called "The Open Specification Agreement". This is like an organization called "The World Peace Foundation" produce a conflict resolution process aimed at solving fights between neighbors.
>
> I am well aware of the complexity and risks involved in setting out to do much more than we are currently set to accomplish. I still believe it is well-worth it.

GMW: That may be the case, but I'm quite sure that we've had the
success we've had so far because of the purposefully limited focused
scope we've had. I'm not sure (as DeWitt alludes to) that we've
actually completed even the narrow set of work we set out to do.

GMW: As I've said before, if all we did was deliver the IPR policy
(and secondarily, the CLAs), and the OWF's IPR policy got broad
support and was used by a number of communities, I'd call that
success. The broader goal of "an open web" is something we all
support, but we haven't discussed what that means, and what achievable
goals there are in that direction. I'm a little leery of adopting that
broader goal right now, at least until we've accomplished (what I
believe) the stated goals around the IPR (and secondarily the CLAs).

> This organization was based on a reality that no longer exists. The communities we set to help are mostly gone or inactive. I am not aware of any new community-based initiatives emerging in the past 6 months.

GMW: I think thats too short a time to say "the reality no longer
exists" - these things come in cycles or waves. I still think the work
we've done is very useful and will be useful to future efforts. We
can't say that we're not being valuable if we've only just released
our 0.9... I'm not sure there's actually a whole lot of awareness
still about its value and who would use it.

> The OAuth model (which we originally used to justify this effort), produced a successful specification in a very short period of time. However, this seems to be the exception rather than the rule. Projects like Portable Contacts and Activity Streams have been lingering for a long time without producing final specifications. At the same time, they seem to be getting traction without having a legal framework in place. What they can use is more help with editorial / publication work and resources for tools and documentation. They also need to figure out what to do with their trademarks, website ownership, and decisions about future version.

GMW: Isn't the assumption with these efforts that they will just use
the OWF agreement "whenever its ready" - isn't there no legal issues
*because* the OWFa is available? That is, I'm assuming the thinking is
"OK, all that patent stuff we is dealt with if we just do the OWFa"? I
haven't personally reached out, but thats the sense I get out there.

> It is no longer clear to me that what we are trying to do is aligned with reality.

GMW: Or, we're successful enough that nobody is making a big deal
about it, considering it a relatively "solved problem" (or rather,
people assume that the output of this effort will be successful, so
they aren't paying much attention anymore - except those who are
giving us nuts and bolts feedback).

> The OWFa is an important document. I can tell you that I had multiple internal conversations at work where people suggested we used it for releasing work instead of creating our own license. Making it easier for companies to release IP under well-understood terms is a very good thing for the open web. But we don't need a foundation with 100 members and a 9 seats board for that. The upcoming CLA work is important but is being proposed based on the state of the community a year ago.

GMW: I agree that the CLA work is *definitely* secondary.

GMW: However,I don't actually think 9 board seats and 100 members is
really all that large a scale, esp when its run in the relatively
lightweight manner in which it is run. I'm not sure the OWF (and the
OWFa) would have had the traction with the large
companies/organizations it has had, along with the significant amount
of effort contributed by various legal folks, had we not had some
formal structure like the foundation in place.

> Our name, missing, and actions are now out of alignment with each other and with the reality of the open web.

GMW: I'm not sure its as stark as you make it out to be, but I do
agree there is tension. And I too would like to hear more discussion
before discussing "solutions".

-Gabe

Eran Hammer-Lahav

unread,
Dec 11, 2009, 2:29:34 AM12/11/09
to open-web...@googlegroups.com

> -----Original Message-----
> From: open-web...@googlegroups.com [mailto:open-web-
> dis...@googlegroups.com] On Behalf Of DeWitt Clinton
> Sent: Thursday, December 10, 2009 7:46 PM
>
> This merits a more lengthy reply, but in general I'd say we do still have plenty
> to deliver on within our original charter -- the next revision of the OWFa,
> creating the CLA, creating an incubation and best-practices process, etc.

These goals do not justify the name, regardless of their importance.

And getting to a version 0.9 of the OWFa after almost a year and a half since we announced this effort (and about two years since we started working on it) just reinforces my point that we need more resources. After 2 years we got less than a dozen new people involved (actually getting stuff done), and even them have a very limited time to offer. We can't even get all 9 board members to participate in every vote.

Even within the original, limited scope, we don't have the resources to deliver. That's why 2 years into this effort we have a one page document that (as good and impressive as it is), still needs work.

> All of those existing objectives, if targeted around helping open web
> technologies, such as OAuth, OpenID, PubSubHubbub, ActivityStreams,
> Salmon, Webfinger, etc., are perfectly aligned with our (still relevant) original
> goals.

OAuth, OpenID, and WebFinger don't need any help. They are all done within standards bodies at this point (OAuth in the IETF, OpenID in the OIDF, and WebFinger is just a combination of IETF and OASIS specifications).

What spec communities need is what standards bodies offer: built-in participation, corporate by-in, editorial services, working group facilities, and yes, legal hand-holding. I am the current author of about 10 specifications because there is no one else (I can't even get people to review drafts; I have to go to the W3C, OASIS, and IETF to get that). Who is going to operate this incubator? Who is going to help mentor new spec editors? That is, other than the handful of people barely doing it today.

The single most important factor in an open specification being successful is getting Google to care. Because when Google cares it puts people and resources around it. Google contributed the most critical resources to OAuth - security experts - which gave it the credibility it needed. It wasn't the editorial work of some shmuck from NJ.

Salmon and PubSubHubbub are great example of specifications that are likely to be successful because Google is sponsoring their development. They also have top quality people behind them who don't need any help with writing a specification. And PubSubHubbub seems to be doing very well without an IPR agreement.

I don't know how we got to this place where the IPR conversation drowned everything else, and I'll take responsibility for my share of it.

We are not listening to what open communities need. Instead, we are scaring them about the dangerous world of IPR. IPR is important, but it is not what is holding back the Open Web, at least not the fear of litigation from the companies showing up at the table. We convinced ourselves that IPR is the most urgent business to deal with and then we bogged ourselves down with it, ignoring everything else.

I am an open specifications developer, a community organizer, and public complainer. I have been doing *this* work for 3 years, 2 of which professionally. This is what I *need* in the order I need it:

* Better communication platforms - tools that integrate email, messaging, and collaborative tools with specification development process. I want the mailing list system to manage CLA signatures. I want the source control system to be directly linked to email messages with ideas and contributions. Open source is successful to a large degree because of the tools available to create it. Until we can tell where changes to a specification came from, just like we can do with open source, we are going to be stuck with a primitive IPR policy and governance models.

* Participation - it is surprisingly hard to get people to actually contribute to an open community specification. I have the benefit of comparing the quality and quantity of feedback received for my community work and my standards body work and they don't compare. I actually have to beg now for reviews (and still don't get them)! Maybe this is all personal and people just don't like me, but I see the same patterns for specs I am not directly involved in.

* Editors - the most labor intensive part is writing the specification, and writing it well. It is very hard to find someone to edit open specifications. This is why the handful of specs we have is largely written by the same small group of people (who are getting busier). We need experienced editors to help mentor new ones.

* Chairs, leaders - someone needs to herd the cats and give communities a voice.

* Domains, websites, trademarks - someone needs to own this and manage it. I think people need to worry less about OAuth IPR than who controls the oauth.net domain name and can point it to a new specification tomorrow (perhaps slightly changed). I wrote a new version of OAuth 1.0. Who gets to decide if we can replace the existing one with this newer version? Who gets to decide if WRAP can call itself an OAuth profile (when it is clearly not according to any technical analysis)?

* Open Source libraries - we are extremely poor in resources for writing quality libraries implementing these specifications. The majority doesn't even have a reference implementation or a comprehensive test suite. The main reason why people started working on alternative solutions to OAuth was that the crypto was hard and the libraries did a poor job at removing the need to do it. It was actually easier for those involved to write a new spec than to write quality open source libraries.

*Governance models, documentations and guides, demos and experimental sites, and on and on...

I am an open community specification developer. Literally every day I get an email or message asking me how come this or that specification isn't finished yet (after more than a year). This is what I need and the OWF is not helping me. At least not yet.

If it is not the job of the organization called the Open Web Foundation to help me with this list, and it clearly doesn't have the resources to do any of this now, what's the point?

EHL







DeWitt Clinton

unread,
Dec 11, 2009, 3:00:13 AM12/11/09
to open-web...@googlegroups.com
A number of those things are exactly what I see an incubator helping out with, so maybe it's just a difference of terminology.

But I'm confused, because you say, "Who is going to operate this incubator? Who is going to help mentor new spec editors? That is, other than the handful of people barely doing it today."  Yet you go on to list things that would require even more work, and some are better suited for other organizations anyway.

I guess I just don't know what you're getting at with this.  Since you clearly have something in mind, what is it?

-DeWitt


EHL







Eran Hammer-Lahav

unread,
Dec 11, 2009, 3:56:47 AM12/11/09
to open-web...@googlegroups.com


> -----Original Message-----
> From: open-web...@googlegroups.com [mailto:open-web-
> dis...@googlegroups.com] On Behalf Of DeWitt Clinton
> Sent: Friday, December 11, 2009 12:00 AM
> To: open-web...@googlegroups.com
> Subject: Re: What's in a name? That which we call the Open Web Foundation
>
> A number of those things are exactly what I see an incubator helping out
> with, so maybe it's just a difference of terminology.
>
> But I'm confused, because you say, "Who is going to operate this incubator?
> Who is going to help mentor new spec editors? That is, other than the
> handful of people barely doing it today."  Yet you go on to list things that
> would require even more work, and some are better suited for other
> organizations anyway.

What other organizations? If the Open Web Foundation isn't the place where all this belongs, tell me where to go instead. Please go point by point over my list and tell me how you think it should be provided for.

> I guess I just don't know what you're getting at with this.  Since you clearly
> have something in mind, what is it?

My point is - as an unfunded, fully volunteer organization, and after 2 years of experience, we established our limits to a slowly progressing legal committee. That's what we are, and that does not justify the Open Web Foundation name. If we accept that, we should change the name to better reflect our limited scope, and set the right expectations. It is expectations, after all, that define how successful we are and how serious we are taken.

My point is - If we want to do more than produce reusable legal documents, we need to figure out how to "pay for it". I tried everything I know to get people more active and involved. I posted a list of tasks, proposed ideas, helped create committees. None of it turned into lasting results, despite the fact people did step forward and promised to do the work. Other than to go and ask for money, I don't have any other ideas.

My point is - *this* community has not delivered or even close to its limited scope. Of the people who started this effort 2 years ago, more than half are completely inactive. This entire effort depends on the work of, literally, a handful of people, and they are not enough to get anything else done.

EHL
> discuss+u...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/open-
> web-discuss?hl=en.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Open Web Foundation Discussion" group.
> To post to this group, send email to open-web...@googlegroups.com.
> To unsubscribe from this group, send email to open-web-
> discuss+u...@googlegroups.com.

Jesse Stay

unread,
Dec 11, 2009, 4:02:51 AM12/11/09
to open-web...@googlegroups.com
On Fri, Dec 11, 2009 at 1:56 AM, Eran Hammer-Lahav <er...@hueniverse.com> wrote:
My point is - *this* community has not delivered or even close to its limited scope. Of the people who started this effort 2 years ago, more than half are completely inactive. This entire effort depends on the work of, literally, a handful of people, and they are not enough to get anything else done.

EHL


I admit your recent blog post introduced me to this group - how can I help?

Jesse Stay

Brett McDowell

unread,
Dec 11, 2009, 8:05:10 AM12/11/09
to open-web...@googlegroups.com
Disclaimer:
As most of you know, I'm the Executive Director of Kantara Initiative, an organization formed in April 2009. At the risk of sounding like a commercial for my own organization, I owe it to Eran (and all of you) to answer his questions as accurately and completely as I can, even if doing so makes me look like a salesman (though nothing I mention below costs any money, it's all available to the community free-of-charge, underwritten by corporate sponsorship/membership). I hope you take this email in the spirit it was intended.

>>
>> But I'm confused, because you say, "Who is going to operate this incubator?
>> Who is going to help mentor new spec editors? That is, other than the
>> handful of people barely doing it today." Yet you go on to list things that
>> would require even more work, and some are better suited for other
>> organizations anyway.
>
> What other organizations? If the Open Web Foundation isn't the place where all this belongs, tell me where to go instead. Please go point by point over my list and tell me how you think it should be provided for.
>
>>
>> I am an open specifications developer, a community organizer, and public
>> complainer. I have been doing *this* work for 3 years, 2 of which
>> professionally.

Before I get into a point-by-point analysis, I just want to say Eran's list of support requirements reads like a "why we formed Kantara Initiative" list to me. I know many of you are aware of Kantara's existence, and many of you have taken a "wait and see" approach before getting involved yourselves. Now that we are more than six months into operations it might be a good time to take another look and see what's going on and how things actually happen vs. were forecast to happen (whether it was me forecasting how good it would be, or others forecasting how bad it would be, now you can just see for yourself how it really is).

>> This is what I *need* in the order I need it:
>>
>> * Better communication platforms - tools that integrate email, messaging,
>> and collaborative tools with specification development process. I want the
>> mailing list system to manage CLA signatures. I want the source control
>> system to be directly linked to email messages with ideas and contributions.
>> Open source is successful to a large degree because of the tools available to
>> create it. Until we can tell where changes to a specification came from, just
>> like we can do with open source, we are going to be stuck with a primitive IPR
>> policy and governance models.

Kantara offers Confluence, MailMan, Subversion, BugZilla and Wordpress. It's not the most sophisticated set of collaboration support tools but it seems to be doing the job. If a project would prefer SourceForge or GoogleCode to manage version control, that's fine too. I'm sure we can do better if better is required, we just need to understand those requirements. The good news is that we do have infrastructure budget and competent IT staff to build a system to support the needs of the community. This is a big part of why we were formed.

>>
>> * Participation - it is surprisingly hard to get people to actually contribute to
>> an open community specification. I have the benefit of comparing the quality
>> and quantity of feedback received for my community work and my standards
>> body work and they don't compare. I actually have to beg now for reviews
>> (and still don't get them)! Maybe this is all personal and people just don't like
>> me, but I see the same patterns for specs I am not directly involved in.

I'm not going to pretend this issues doesn't exist in Kantara either. The old rule still stands: 20% of the participants do 80% of the work. But in Kantara some of the priority projects get additional support from hired contractors, and in general the number of participants across our groups is pretty strong. Here are some links to rosters where you can see how many folks are actively contributing (including having signed-off on IPR agreements up-front... that CLA issue OWF is now starting to tackle).

Concordia: http://kantarainitiative.org/confluence/display/concordia/Participant+Roster

Consumer ID: http://kantarainitiative.org/confluence/display/WGCI/Participant+Roster

eGovernment (Open Gov): http://kantarainitiative.org/confluence/display/eGov/Participant+Roster

Healthcare: http://kantarainitiative.org/confluence/display/healthidassurance/Participant+Roster

ID Assurance (Trust Framework): http://kantarainitiative.org/confluence/display/idassurance/Participant+Roster

IDP Selection (WAYF UX Problem): http://kantarainitiative.org/confluence/display/WGIDPSEL/Participant+Roster

InfoSharing (VRM): http://kantarainitiative.org/confluence/display/infosharing/Participant+Roster

WSF Evolution (Oauth Extensions): http://kantarainitiative.org/confluence/display/idwsf/Participant+Roster

Japan (regional advocacy): http://kantarainitiative.org/confluence/display/WGJ/Participant+Roster

Privacy & Public Policy: http://kantarainitiative.org/confluence/display/p3wg/Participant+Roster

Universal Login (UX optimization): http://kantarainitiative.org/confluence/display/ulx/Participant+Roster

User-Managed Access (Oauth Extensions): http://kantarainitiative.org/confluence/display/uma/Participant+Roster

(there are others but these have been up and running for awhile)

>>
>> * Editors - the most labor intensive part is writing the specification, and
>> writing it well. It is very hard to find someone to edit open specifications. This
>> is why the handful of specs we have is largely written by the same small
>> group of people (who are getting busier). We need experienced editors to
>> help mentor new ones.

In Kantara we still hold to the principal that the primary Editor of a specification or policy framework should be a community stakeholder (volunteer) to help ensure the spec or framework is guided by real requirements. But, we also provide editorial services once a draft is pretty stable. Our professional editors then do a pass to align the document with all the editorial guidelines for consistency, ensuring the legal front-matter is accurate, and making sure the final version is professional-grade. We are in our first cycle now so I don't have a completed doc to show you, though I will shortly.

>>
>> * Chairs, leaders - someone needs to herd the cats and give communities a
>> voice.

We have a Leadership Council made up of the Chairs from every group chartered in Kantara. Below is their roster. They have been quite active in getting together by teleconference to keep the cats herded and all systems go. Remember, we formed in April and we already have a number of published drafts, several chartered projects, about two hundred participants, and about a hundred sponsoring members. This didn't happen by accident. The Leadership Council is a collegial and productive group of people I'm proud to work with.

http://kantarainitiative.org/confluence/display/LC/Roster

>>
>> * Domains, websites, trademarks - someone needs to own this and manage
>> it. I think people need to worry less about OAuth IPR than who controls the
>> oauth.net domain name and can point it to a new specification tomorrow
>> (perhaps slightly changed). I wrote a new version of OAuth 1.0. Who gets to
>> decide if we can replace the existing one with this newer version? Who gets
>> to decide if WRAP can call itself an OAuth profile (when it is clearly not
>> according to any technical analysis)?

Kantara has the administrative resources to manage trademarks, domain registrations, etc. We already have filed trademarks across many countries (which is quite expensive as some of you know) and we manage several domains. The Board of Trustees is responsible for all fiduciary matters so maintaining the integrity of trademarks, domains, etc. falls to them, who delegate the duties to me and my team.

Legally speaking, we are a Program of the IEEE-ISTO (a 501(c)6) but we operate as an independent non-profit. We also manage a number of other assets, like hubs and routers that we bring to interoperability events, projectors we bring to meetings (to save on AV rentals), etc. We have event management staff to arrange for conference workshop, seminars, etc. We have a "speakers bureau" to help place community members on the agenda of relevant conferences around the world, etc. We have an analyst relations program and PR team to support the work that comes out of Kantara (their job is to market the work product of the community, not to market the organization itself which would explain how little "hype" you've seen from Kantara -- this email being the exception that proves the rule).

>>
>> * Open Source libraries - we are extremely poor in resources for writing
>> quality libraries implementing these specifications. The majority doesn't even
>> have a reference implementation or a comprehensive test suite. The main
>> reason why people started working on alternative solutions to OAuth was
>> that the crypto was hard and the libraries did a poor job at removing the
>> need to do it. It was actually easier for those involved to write a new spec
>> than to write quality open source libraries.

Kantara Initiative funds community projects proposed through the Leadership Council. This could be any form of request that's going to help the Open Web. One example we recently approved was a modest bounty for an implementation of the UMA Oauth extension that would be used as an online test harness of sorts. In fact, the 2010 budget includes more than $150K in project funding in response to "bottom-up" proposals from the community to the Kantara Trustees.

http://kantarainitiative.org/confluence/download/attachments/4292729/2010+Budget-Approved+05NOV09.pdf


>>
>> *Governance models, documentations and guides, demos and experimental
>> sites, and on and on...

Governance, governance, governance. This was our focus for most of 2009 and we now have all our governance documents in version 1.1 with several tweaks to meet the needs on the ground. I'm quite pleased with how the governance piece has turned out and I'm confident that anyone here who investigates this aspect of Kantara will find it acceptable if not ideal (personally I think it's closer to ideal, but that's my bias having contributed extensively to the governance model). Bylaws and other policy docs are online here:

http://kantarainitiative.org/confluence/display/GI/Home

Another project we funded is for the Universal Login eXperience Work Group to hire usability experts and designers to mock-up some new federated login flows for OpenID, InfoCards, and SAML authentications (btw, we ourselves run a multi-protocol RP). Those are underway now, focused on NIH use-cases (that US Government Open Identity for Open Government project Eran alluded to), and should be on our web site in a few weeks.

Another thing we are spinning up now is an interoperability program that will help accelerate the maturity of implementations and refine specifications through interop testing and even software certification (for the more mature specs).

Along with Interoperability testing and certification (to launch in 2010) we have Assurance certification for IDP's to prove they comply with OMB 0404 (via the Service Assessment Criteria in the Identity Assurance Framework). I mention this because it is a tool to build trust in Relying Parties and facilitate adoption. I also mention it to point out that all such certification programs we run will have direct oversight from volunteer "Review Boards". So far we have:

Assurance Review Board with folks from: US GSA, Aetna, KPMG, SUNET, and BT
Interoperability Review Board with folks from: US GSA, NTT, Oracle, CA, Google, and Internet2


>>
>> I am an open community specification developer. Literally every day I get an
>> email or message asking me how come this or that specification isn't finished
>> yet (after more than a year). This is what I need and the OWF is not helping
>> me. At least not yet.

You can get a lot of what you are looking for from Kantara Initiative. I'm not sure if you didn't know that or if there is something about Kantara that is off-putting. If there is a barrier to leveraging the support we offer, PLEASE let me know and I will address it!

>>
>> If it is not the job of the organization called the Open Web Foundation to
>> help me with this list, and it clearly doesn't have the resources to do any of
>> this now, what's the point?

One job Kantara Initiative is not working on is the development of new IPR Policies. We allow for several different IPR Policies and anyone can propose a new one be adopted at any time. This is why I'm involved in OWF. We have discussed adding a Non-Assert Covenant to our list of IPR Policies and I've been hoping that what came out of OWF would be a good fit. But our approach will continue to be "options" for IPR on a group-by-group basis. This would allow a handful of folks who want to be very inclusive to pick a very inclusive license, and others who want narrow "necessary claims" grants can pick something like OWFa.

Again, I apologize for this "commercial" and I would have never posted something like this to the list if the Chair hadn't asked the questions that prompted my response.

-- Brett

Steve Repetti

unread,
Dec 11, 2009, 8:29:50 AM12/11/09
to open-web...@googlegroups.com
Brett,

And, you forgot to mention all this occurred while you were also involved
with DataPortability and the OWF!

The work at Kantara is fantastic and a great example of the high-end of this
type of effort. As for the OWF -- it CAN be so much more, but to do that
practical decisions must be made. Modest ratcheting up can be accomplished
over time through the current volunteer (90/10 participation) process. More
than this likely requires steps towards some of the things Kantara has done
(is doing) successfully -- including funding initiatives.

--Steve Repetti

-----Original Message-----
From: open-web...@googlegroups.com
[mailto:open-web...@googlegroups.com] On Behalf Of Brett McDowell
Sent: Friday, December 11, 2009 8:05 AM
To: open-web...@googlegroups.com
Subject: Re: What's in a name? That which we call the Open Web Foundation

--

You received this message because you are subscribed to the Google Groups
"Open Web Foundation Discussion" group.
To post to this group, send email to open-web...@googlegroups.com.
To unsubscribe from this group, send email to
open-web-discu...@googlegroups.com.

DeWitt Clinton

unread,
Dec 11, 2009, 11:20:52 AM12/11/09
to open-web...@googlegroups.com
If this thread is really about "should the OWF raise money?" then I'd prefer if we discuss that directly.  Where would that money come from, and what would it be spent on?

I've been strongly (though not stubbornly) opposed to raising funds in the past.  But in the context of a proposal then perhaps it is time to reopen that discussion.

-DeWitt

To unsubscribe from this group, send email to open-web-discu...@googlegroups.com.

Jeremiah Cohick

unread,
Dec 11, 2009, 1:36:48 PM12/11/09
to open-web...@googlegroups.com
I joined because I felt the Open Web Foundation would (eventually) be
bigger than a legal framework, which is not something I can directly
contribute to. I still think there's a role of involving and inspiring
that needs to be filled.

I'm curious about solutions to the problems you identified.

Ben Metcalfe

unread,
Dec 11, 2009, 1:53:51 PM12/11/09
to Open Web Foundation Discussion
Ok, so I'll preface my comment by admitting that this doesn't move
_this_ conversation forward, but I think this needs saying...

The situation as to where this group has ended up is *incredibly*
similar to what happened to the DataPortability.org Work Group. A
bunch of well-intended individuals - of varying degrees of experience
and position within the industry - tried to start something good and
positive for the rest of the industry (with similar goals and values
of OWF). DataPortability.org got bogged down in charter and legal
crap, followed by dwindling commitment by the majority of it's
membership base. That meant that after 18 months or so it too had
produced very little of real value (IMHO).

Certain individuals from the community took every opportunity to mock
and pour scorn upon this project and used some of that motivation to
create the groundswell that created this group. Many of those
individuals are members, founding members even, of the OWF. Many were
unhappy that it wasn't the 'usual suspects' (what we call that 'old
boys network' back home) running the show. In fact, it was many of
those usual suspects that exerted external pressure on DP.org to
create a legal framework which forced it into that legal mess.

So it does seem rather 'unfortunate' that the exact self same thing
has happened here.

In fact given the significant amount of "experienced open-source
community participants" in OWF over DP.org (which frankly was staffed
by a lot of well-intentioned nobodies), to come up just as short on
the same opportunity seems more embarrassing, more concerning and more
of a shame.

(I should point out that I walked away from the DataPortability.org
Group around the time it capitulated to the pressure to take a legal
framework, so these thoughts are mine and not representing
DataPortability.org folk.)

Ben Metcalfe
> > For more options, visit this group athttp://groups.google.com/group/open-
> > web-discuss?hl=en.
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Open Web Foundation Discussion" group.
> > To post to this group, send email to open-web...@googlegroups.com.
> > To unsubscribe from this group, send email to open-web-
> > discuss+u...@googlegroups.com.
> > For more options, visit this group at
>
> ...
>
> read more »

Elias Bizannes

unread,
Dec 11, 2009, 2:21:03 PM12/11/09
to open-web-discuss
It's a fair analysis to say there are a lot of eerily similar parallels between our experience at the DataPortability Project and the OWF. Some differences, but similar challenges.

And my assessment? This is normal - keep going. In my experience, we've pushed ahead and it felt like swimming through crap only to get to shit, but it's working out for us.

I do think the OWF has two specific issues: one relates to the name but more importantly is its governance model. However that's something that can be changed: the organisation is too important to die so please let's keep this discussion constructive. We talked about this thread on the latest Data without Borders podcast. Just recorded it, so not sure when Christian will post it on the blog: http://datawithoutborders.net/

Elias Bizannes
http://eliasbizannes.com


To unsubscribe from this group, send email to open-web-discu...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/open-web-discuss?hl=en.



Reply all
Reply to author
Forward
0 new messages