[cabf_governance] Notes from teleconference, 7-May-2016
Ben Wilson
ben.wilson at digicert.com
Wed Jun 8 06:39:01 MST 2016
Here are the notes from yesterday's call:
Governance Reform Working Group
Notes from 7 June 2016
In attendance: JC Jones, Andrew Whalley, Ben Wilson, Virginia Fournier,
Rich Smith, Peter Bowen, Patrick Tronnier, and Moudrick Dadashov
Discussion of Goals and Objectives
Ben - One of the overarching, broader goals mentioned by Dean at the
face-to-face meeting in Bilbao was greater participation/involvement of
groups not currently involved in the Forum. That means we probably need to
address criteria for membership and enlarge those to allow working groups to
be created. Another goal is keeping it simple. We don't want to create
unnecessary rules, procedures, and structures, but instead edit the bylaws
strategically.
Peter - We have overlapping goals. While CA members want to expand scope,
because CA/B Forum has been a good place to do industry self-regulation and
there are areas like code signing where we'd like to work. The question is
how do we expand scope without expanding membership and without forcing
others to participate? We have to resolve that first before tackling an
expanded membership. That's why there was discussion on the list about
moving to a participation model. There was some confusion about working
group participation and what that meant, but Jeremy and Virginia have
clarified what participation is. But we need to focus on how we can allow
the scope of discussion to expand otherwise the discussion about new members
is moot.
Andrew- I agree with control at the WG level, with a formal process to join
or opt in, before becoming an official member of the working group. You
could leave the WG when you wanted to, but when you enter the WG, you'd
have to agree.
Peter - It's similar to joining CA/B Forum today. A new member has to do a
catchup evaluation before joining the Forum. That could work easily as well
for working groups. So I think we have consensus on a working group model.
So we should move to a W3C participation model-move the current IPR down to
Working Group level so that all Forum guidelines would be pushed down to
working group level. It would be good to get this down in writing and out
there for others not on the call to review.
Ben - In my opinion the W3C does not have a good definition of
"participate", but they do have detailed procedures and clear steps on how
someone becomes the participant in a working group, so there is an
understanding within the W3C on what it means "to participate". We could
outline the steps, and maybe add a few phrases together for a definition of
"participate" or "participant" in our IPR Policy and adopt what the W3C
has. We might want to write up a clear "bright line" for when someone is a
participant and add something clear to the IPR Agreement that says "by
doing XYZ you are becoming a participant and the IPR Policy applies to
you".
Peter - we should keep a formal list of members of working groups as the
solution here. We already have a lot of the processes in place
already-joining the Forum, joining working groups, etc..
Ben - what should the mechanics be to join a working group? Do you send a
message to the Chair of the Forum or to the chair of the working group?
Working group chairs would have to maintain lists of WG members.
Peter - you would send a message to a public list so that it's easier for
everyone to keep track of who is in each working group. Chairs would still
need to supervise to ensure that only WG members participate in WGs. We
could have someone keep track of who is on calls because it is important
with a RAND-Z IPR policy that contributions are only made by participants
who are subject to the IPR Policy. Otherwise someone could come in and
make a contribution and claim a patent on it.
Virginia - I agree. It's important to have a list of the members of working
groups. Meetings can be "members only" and then we wouldn't necessarily
have to keep roll.
Peter - We could restrict use of the phone conference access codes by
working group. At face-to-face meetings we are going to ask
non-participants to leave.
Ben - what if we just said they couldn't speak and if they did they would be
out of order?
Virginia - I think we're going to need them to leave. It's easy enough to
join a working group if they are really interested.
Peter - Agreed.
Ben - So, in summary, we've decided that there will be a public list of
working group participants. Now, doesn't the W3C have a procedure if you
want to leave a working group?
Virginia - Yes, they have a way to resign and make an exclusion.
Peter - I believe that in our IPR Policy that a contribution directly made
is always covered. So just because you leave the working group before a
vote doesn't mean you aren't subject to the IPR Policy. And there is a
catch-up provision if you want to re-join.
Virginia - With the W3C you have an exclusion opportunity when you leave.
There are other exclusion opportunities when you join and for the last
published working draft prior to your exit.
Peter - The CA/B Forum doesn't have formal drafts, but we have the
contribution rule. We could probably do this without a whole other round of
IPR policy agreements.
Ben - I think we'd need to do that. I do think we have a lot of good
language in the IPR policy, but the question is how do we walk it over to
working groups? We might have to pull out the IPR policy as a reference
whenever we do something in working groups. We'll have to be able to point
to the IPR policy and tell people when they need to exclude, or whatever.
In other words, we'll need to provide some training for implementing the
IPR policy in the context of a working group. Now what do we need to
discuss? Membership criteria? The SSL Working Group, which will be by far
the largest working group? We could talk about the W3C and their technical
group and their management group. Their management group doesn't have power
except to advise the membership at large on consistency matters, etc. The
power is still reserved to members with one member, one vote. Do we want to
look at that as a model, or do we stay as we are?
Peter - The W3C has many more members than the CA/Browser Forum.
Andrew - The W3C also has a technical advisory group, but I'm not sure we're
big enough to warrant that, but you might want a mechanism to ensure that
you don't have a bunch of working groups all trying to cover the same
area.
JC - We should have a mechanism in place where an existing group can ask
another group to revise policy if it is deemed necessary, but proceeding
with a direct democracy would be tenable for the foreseeable future.
Ben - there were comments during the face-to-face about automotive and
internet of things, and I believe that those workgroups would bring in many
more members. I'm not sure its manageable, and we might need to think about
this sooner rather than later.
Patrick - Just to add, in the electrical industry now we're interacting with
smart grid devices more than with browsers, and we need to get these device
manufacturers involved in this decisionmaking and focus more on the
client-side. A lot of the decisions we make for server-side SSL does not
apply to a lot of the work we're doing nowadays.
Andrew - I envision that the existing SSL group be broken into two - one
that is a general certificate group that covers things that are absolutely
common to everything, and the other that deals with specific issues.
Ben - on the next call we'll discuss working group formation. Thanks
everyone.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/govreform/attachments/20160608/185459d9/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4954 bytes
Desc: not available
Url : https://cabforum.org/pipermail/govreform/attachments/20160608/185459d9/attachment.bin
More information about the Govreform
mailing list