Interview with Don Thibeau, OIDF’s Executive Director

Published August 10, 2009

This is an interview framed by Chris Messina, an OpenID board member and elected community representative with Don Thibeau, Executive Director of the OpenID Foundation.

So, how have your first months with the foundation been?

Fast paced—I am amazed at the level of activity, complexity of issues and the volume of opinions. The Foundation is evolving rapidly from within; the range of membership interest is increasing. While from the outside; the diversity of adoption and adopters is exploding.  It’s a wild ride.

OpenID is surfing huge wave of mainstream interest in social media, in open government and in industry positioning for open web realities. I’ve kept a low profile for three reasons. One: there are much better evangelists in the community than me; two: I’ve been tending to legal, financial, “plumbing” issues.  We needed to fix the “foundation of the foundation” to respond to legitimate demands from the community for more services and better tools at the same time as giving member companies the accountability they require.  Lastly, the CIO of the government called the OpenID board to a meeting in Washington to ask for our help with the President’s “Open Government” initiative. It was a memorable meeting for two reasons; it took place at the White House Conference Center and I’ve never seen OpenID Foundation board members wearing suits and ties.

What kind of unexpected challenges and opportunities have you encountered?

I knew I had a cool job when a friend mentioned NASA was using OpenID to task satellites. Like many agencies, NASA Goddard has been experimenting with the use of various open standards (Geospatial and others) including OpenID and Information Cards.  We are also hearing from state, local and foreign governments about their desire to use OpenID.  Maybe because I live in DC, I see the OIDF participation in government standards or “sausage making" as common sense.   GSA, NIST and other government forums are exactly where collaboration is expected and beneficial to OpenID.  All the while, I’ve been playing catch-up to make the Foundation run smoother.  I live in Washington D.C. and work with Board members on the East and West coasts, in Bangalore and Tokyo. These challenges come with the territory. So, I am long on opportunities and short on time.

How do you feel about the progress you and the rest of the board have made in the past months?

One clear consensus view is we want more done sooner.  It’s a good problem.  It reflects the dynamism of today’s identity ecosystem and the pressure we all feel to the have Foundation matter on issues we care about. For good reasons and bad, all too often the Foundation operated at a suboptimal level. Now we are working to improve the quality of membership services, specification processes and web tools.  The engine of the OIDF remains its working groups and committees.  We live and die by the level of community participation and the quality of Board leadership.

While there are boards with members with fancier titles, the OpenID Board is made up of people responsible for getting things done in their companies and among their peers.  This Board is still new; a mash up of companies, personalities and passions.  My job is to be an honest broker of ideas and build an environment so we can stay focused on a protocol specific agenda and add value in this rapidly evolving identity ecosystem.

Let's get in to some specifics: you mentioned that one of your top three priorities was to "build a foundation for growth" by making sure that the "Foundations’ finances and governance issues are solid". Can you elaborate on specific steps that you've taken so far and what kind of progress you've made?

First, we’ve outsourced all non-essential functions like accounting, administration, etc. to companies that do that for a living for other open standards groups. This gives member companies the accountability they require to contribute financially and the community the confidence they need to contribute expertise.  Second, we’ve put our money where our mouth is.  The budget invested scarce resources in only those plans that protect IP, promotes adoption and evolves OpenID. As Raj Mata, our treasurer said; “We will not have a “feed the beast” budget.” The Board agreed to fund only those things a Foundation like ours can and must do.

The investment in “plumbing” will result in easier “on ramps” for individual members and corporate sponsors.  Memberships will be processed faster, budgeting standardized. Better tools for committees and working groups are some of our success metrics.  I need to demonstrate the OIDF’s capacity to provide thought leadership and tangible participation benefits.  Chris Messina is leading a volunteer effort with Michael Olson (of JanRain) and “Content Wrangler Extraordinaire" Amanda Richardson to update our web workplace and community participation.

Now let's cover some specific areas of emphasis for OpenID. What can you tell us about the progress with improving OpenID's usability?

This is a key concern throughout the community. We have to do better.  We are planning a series of usability events in the fall.  These will focus on usability in government adoption as well as in new areas of adoption. We are planning open use case workshops with the National Institutes of Health, the National Library of Medicine and the National Cancer Institute to refine interoperability and look at usability through the eyes of scientists collaborating worldwide. Luke Shepard of Facebook and Alan Tom of Yahoo, our usability committee co-chairs, are looking at several options in the Bay Area to bring new energy and approaches to OpenID usability. Google has long standing and deep domain expertise in usability and our efforts can now include new players like Sears and Kmart.  I know the developers in “My-Sears” usability labs in Chicago are looking forward to meeting their peers in the Bay Area and throughout the community.

OpenID’s growth has been exponential, but its adoption has been asymmetrical. Usability is the key to a more balanced evolution. We need more relying parties involved in this adoption dynamic than we’ve seen to date. But as with security, I believe the more platforms are built where OpenID can be used, the more value gets created.  It will be fascinating to see how this “network effect” plays out.

What's new with OpenID, security and privacy?

With the growing mainstream interest in OpenID comes good and bad. We are open to misunderstanding from non-technical audiences and increased scrutiny by privacy advocates and interest groups. I think OpenID can benefit from the mainstream media’s excited embrace of social web tools and therefore be enriched by mainstream adoption.  I am a fan of Facebook’s Tim Sparapani, a former civil liberties attorney.  He is one of the most articulate voices in the community on privacy. In many ways, privacy has become a commodity. Travelers exchange it for safety; celebrities exchange it for well, celebrity, and we all exchange it for a few cents off at the checkout aisle in the Safeway. We know that the social web is, by definition, interactive, that it takes information about what I'm typing in order to send things to me.

Privacy is an issue. It is not a crisis. The industry has done the right thing by getting ahead of this curve and saying, we have to be able to be part of a coordinated effort to address the public and address people in Washington DC, especially those interested in “open government.” One of the principles the Board wants to embed is a self-regulatory, self-certifying system.  We're committing to collaborating with the entire identity ecosystem in order to educate the public continuously about both benefits and risk mitigation.

Security is another issue the Board has invested in. The government interest in OpenID forces a deep dive into these issues. I am reminded daily about OpenID’s security challenges. I welcome the worries.  It’s understandable given the denial of service attacks we’ve seen recently. My response is an invitation to join the effort to shape our standard. OpenID is a new protocol it is undergoing a rigorous real time shakedown.  Andrew Nash, a board member of both the OpenID and Information Card Foundations, put together a team at PayPal to help OpenID get traction in of our toughest challenges. That’s the kind of leadership that will help get traction on one of the Foundation’s highest priorities.

Lastly, what should we be looking forward to over the next three to four months?

Some call government adoption the “mother of all use cases.”  We been collaborating with ICF and other groups on a theme we call “Open Trust Frameworks for Open Government.” Our working hypothesis is the US Government’s pilot adoption of OpenID protocols is a “forcing function” and will yield benefits throughout the open identity community. As a forcing function, the government’s technical “profile” for OpenID and accompanying certification requirements (Trust Framework Adoption Program) are, in effect, use case constraints.  I believe the size, influence and market value of a government wide adoption offers timely, material and strategic benefits to member companies and the community at large.  OpenID OPs who want to participate in adoption of OpenID “are forced" ( no one forces Google to do anything…) to complete a set of tasks based on the GSA’s limited, paired down set of technology features, certification requirements and privacy controls.

The OpenID Foundation and other identity protocol organizations have invested significant resources in this public/private collaboration. These industry leading groups have clear expectations of significant positive returns in several areas. Vivek Kundra, US CIO told the OIDF that the government intends to leverage the large and growing OpenID installed base and corporate sponsorship to further its open government goals.  So the OIDF believes this forcing function will further its mission by accelerating adoption and improving and streamlining how government agencies, contractors and citizens use OpenID.

But only time will tell, this public/private industry initiative will be successful if the current collaboration expands to meet the increased challenges of the next phase: a public-facing launch of our open trust framework and pilot programs at the NIH and other agencies.