Dear IdPy Board Members,
As promised during our last call, please find the CV of nominee Derrick
Ssemanda attached. Chris will follow up shortly with the meeting agenda and
the nominations document.
Best,
Jameelah
On Wed, Dec 31, 2025 at 12:30 PM Jameelah Kallo <jkallo(a)researchdata.us>
wrote:
> Hi Leif,
>
> Thank you for the update. Could you please confirm if the new proposed
> time, Wednesday, January 14 at 10:30 AM EST, works for you?
>
> Best,
> Jameelah
>
> On Tue, Dec 30, 2025 at 6:50 AM Leif Johansson <leifj(a)siros.org> wrote:
>
>> Starting tomorrow my leifj(a)sunet.se address will bounce. My new address
>> is leifj(a)siros.org.
>> On 12/22/25 19:47, Jameelah Kallo wrote:
>>
>> Hello IdPY Board Members,
>>
>> My apologies for the delay in sharing the notes from last week’s
>> meetings. As a follow-up, Chris will be sharing details of the proposed
>> board member candidate.
>>
>> Additionally, we would like to schedule our next meeting. Please let us
>> know your availability for the following proposed dates:
>>
>> - Monday, January 12: 9:30 AM - 10:30 AM EST
>> - Wednesday, January 14: 10:00 AM - 11:00 AM EST
>>
>> Best,
>> Jameelah
>>
>> On Tue, Dec 2, 2025 at 2:36 PM Christopher Whalen <whalen(a)researchdata.us>
>> wrote:
>>
>>> Hello IdPy board members,
>>>
>>> I recently noticed that we are going to have two members of our board
>>> roll off this year and we haven't met at all (that i know of). I'd like to
>>> schedule a quick board virtual meeting before the end of the year so that
>>> we can be ready for an in-person meeting at TIIME in February.
>>>
>>> Laura Paglione will be taking over from Heather Flanagan to help support
>>> the governance effort under the NIAID.
>>>
>>> Jameelah Kallo will be reaching out to find the best time to meet
>>> (hopefully there is one).
>>>
>>> Please let me know if you are going to be at TechEX. I'll be there
>>> myself it would be good to connect and maybe we can schedule the meeting
>>> during TechEx.
>>>
>>> Cheers,
>>>
>>> Chris
>>>
>>>
>>> ___
>>> Christopher Whalen
>>> President - RDCT
>>> Research Data and Communication Technologies
>>> POB 67 Garrett Park, MD 20896
>>> WhatsApp: +1 (301) 408-8268
>>> Office/Mobile +1 (240) 380-2281
>>>
>>
>>
>> --
>> Jameelah Kallo
>> Executive Associate
>> RDCT - Research Data and Communication Technologies
>>
>>
>
> --
> Jameelah Kallo
> Executive Associate
> RDCT - Research Data and Communication Technologies
>
--
Jameelah Kallo
Executive Associate
RDCT - Research Data and Communication Technologies
Please ignore this.
This is a test to ensure that the messages correctly reaches the mailing list address board(a)idpy.org.
Ivan Kanakarakis - sunet.se
Attendees:
Heather, Roland, Christos, Ivan, Mike, Leif, Chris
Action items:
*
Heather to draft the survey text re: Note Well (assuming the board
votes in February to agree to using a Note Well rather than a formal
CLA)
*
Ivan to update the Security Incident Response plan to indicate that
issues will be logged and kept indefinitely
*
Heather to send out a calendar invite for TIIME and a doodle poll
for the call after that.
Notes:
1.
Signing Board Participation agreement
2.
*
Still waiting on legal approval to do this (Mike). Can not make
any formal decisions until this is done.
3.
CLA or Note Well?
4.
*
Expect to handle existing contributors and new contributors
differently.
*
o
We can always ask all existing contributors if they think
they had permission to contribute code via the note well
(rather than sign a CLA). “Here is the Note Well we’re
adopting for all future contributions. D you believe you
have any problems accepting this? Do you believe you might
not have been able to accept it for your previous
contribution?"
o
If individuals don’t respond, may need to consider what to
do otherwise. We will send the survey, send a reminder, then
start trying for personal contacts. And if none of that
works, we’ll consider what code they’ve submitted and
determine if we can do it a different way. Some of their
code might already have been redone so we aren’t as in an
urgent a situation with regards to their contribution.
*
What about the JOT libraries? This shouldn’t be a problem since
only Roland has contributed. The OIDF might want a CLA from
Roland (that is a separate conversation).
*
Leif strongly in favor of a Note Well (see draft here:
https://github.com/IdentityPython/Governance) rather than a
traditional CLA. We want it to be easy for people to contribute;
there is an expense when lawyers are brought in, and lawyers
often don’t understand what we’re trying to do.
5.
Commons Conservancy
6.
*
Christos has been discussing this within GEANT. GEANT does not
have a final answer regarding IPR, but should have a final
answer by the end of this week. They needed clarification that
all the idpy material would remain in the open source domain.
7.
TIIME?
8.
*
Roland and Mike will not be there; will dial them in from 4pm to
5pm CET (last hour of the developers meeting)
*
We should create an e-vote mechanism; perhaps launch at a
meeting and let it extend for 3 days for people not able to attend.
*
Agenda: voting on CLA, Note Well text, IPR, possibly an update
from the developers meeting, talk about how to use an intern
9.
Adding new projects to idpy
10.
*
pyFF split - the JavaScript component on the front end does not
fit into idpy; that component belongs with the RA21 governance
group. The backend remains part of idpy. This kind of evolution,
since it’s not entirely removing the project, a Board decision.
Leif withdraws his request.
*
FYI
https://github.com/IdentityPython/IdentityPython.github.io/wiki/Adding-and-…
11.
Incident Response
12.
*
Ivan has created the incident-response list. Ivan will add the
board members to this list, as well as some of the key
developers for the various projects within idpy.
*
o
This came up as result of the following almost-bad security
issue: https://github.com/IdentityPython/pysaml2/issues/578
*
There should be a page on the website re: how we recognize
security research. (Some researchers contact developers
expecting bug bounties. We can’t pay for this, but we can offer
‘payment’ in terms of recognition.) Look at SUNET’s website for
an example.
https://www.sunet.se/security-researcher-acknowledgments-for-sunet-services/
*
o
Heather to follow up on this and add it to the website.
o
Ivan to update (and Chris to review) the security incident
response plan to be explicit that each item is logged and
kept indefinitely in GitHub.
13.
Next call - Heather to send out a doodle poll for end of
February/beginning of March
Hello all!
I will be reaching out to the new board members, but just so you know, here are the results:
Ivan = 5
Fresia = 4
Mike = 4
Chris = 3
Warren = 3
Jakob = 2
(Of the 5 people that voted, not everyone actually selected 5 candidates, so the count may seem off.)
I will reach out to Fresia and Warren and make sure they accept, and then will let Jakob know that we appreciate his willingness to serve and hope he will accept a nomination again next year.
If you have any questions or concerns please let me know ASAP.
Thanks! Heather
Hello all!
I'm proposing to send the following to the idpy-discuss list. Is there anyone missing re: nominations? Please get back to me by this Friday, 8 March, so I can get this sent out on Monday.
---
Hello idpy contributors!
Roland and I are stepping down from the idpy board, and four other seats are up for election with board members interested in continuing. This leaves us with five seats up for election for the 2024-2026 term.
We have several individuals interested in joining the board and are looking for your feedback.
Incumbent nominees:
• Ivan Kanakarakis (SUNET, lead architect for Satosa, pySAML)
• Chris Whalen (individual contributor)
• Mike Jones (OIDF, author of OIDC and JWT and OAuth)
New nominees:
• Fresia Pérez Arriagada (SUNET)
• Jakob Schlyter (Kirei)
• Warren Anderson (LIGO)
Leif Johansson (SUNET) and Christos Kanellopoulos (GÉANT) are in the middle of their 2023-2025 terms; those seats are up for election next year.
Please go to the following Zoom survey link by 15 March 2024 to place your votes.
Thanks! Heather
Hi all!
I've followed up on my first action item:
"HF to ask Shayna if she’d be interested in up-leveling her work with idpy to take on a more product management role for some aspects of the code base."
Shayna is not interested in expanding her role. If we do want big picture product management, we will need another option.
There are quite a few additional action items that include my name, but they start with you:
• Leif to talk to Pål, Freysia, Marina, Giuseppe about interest in running for an idpy board position and let HF know by Feb 29 who is interested.
• Christos to talk to Michelle about running for an idpy board position and let HF know by Feb 29 who is interested.
• Roland to talk to Jakob about running for an idpy board position and let HF know by Feb 29 who is interested.
• Chris to talk to Ann West about having her or someone on her team run for an idpy board position (Paul Caskey? Nicole Roy?) and let HF know by Feb 29 who is interested.
• Current idpy board members whose terms are ending (Ivan, Roland, Chris, Mike) to let HF know if they are interested in continuing on the idpy board.
• HF to run the election process when the nominations are accepted.
Let me know where we are with these items, esp. if the person(s) you're talking to accept the nomination, and I'll run elections.
Thanks! Heather
Hi guys,
I’m presently maintainer/co-maintainer of 5 software packages:
- idpy-oidc
- cryptojwt (together with Jakob Schlyter)
- fedservice
- idpy-sdjwt
- openid4v
All of them part of Identity Python or soon to be part of Identity Python.
As everyone else I’m not getting younger so I’ve decided to bring down my involvement in the maintenance of these packages.
Jakob Schlyter if prepared to take over the responsibility for cryptojwt.
Apart from that there is no obvious choice. So you/we have to start looking.
My expectation is that 6 month from now I will be a contributor but not a maintainer.
— Roland
Hello IDPY Board members!
It looks like most of us will be at the TIIME meeting in Copenhagen? Is anyone NOT planning on being there? I'd love to have a f2f idpy board meeting if possible!
Thanks! Heather
Hello idpy board members!
On our annual call earlier this year, we discussed meeting after the R&E/FedCM Hackathon to determine what impact (if any) the outcomes of that meeting would have on idpy.
First off, the meeting was quite successful in that the group came up with two proposals that might be viable and allow browser to distinguish between unconsented tracking and a federated authentication flow without messing with the protocols involved. You can read the proposals here:
https://github.com/fedidcg/proposals/issues/4https://github.com/fedidcg/proposals/issues/5
The group did not have time to really dive into the proxy use cases; we will come back to that after we’ve received feedback on the initial proposals. It does sound like pyff might be a part of at least one if not both of the proposals; Leif, Sam (Google) and others will look at that as part of early prototyping to kick these proposals around a bit.
Beyond that, I don’t think the board has much we need to do at this time. If you have any questions or are interested in following the work, you can either join the FedID CG or the new REFEDS working group (which will focus entirely on the R&E use case).
Please let me know if you have any questions!
Thanks! Heather
