Statutes of IdentityPython

Title
Statutes of IdentityPython
DRACC
0024
Aliases
IDPY-0000
Category
Regulatory
Scope
Programme
Authors
Flanagan, H.
Date
March 2019
Copyright
The Commons Conservancy and IdentityPython
License
Creative Commons Attribution 4.0 International

Purpose

IdentityPython is a set of projects that provide implementation of key federation and identity technologies including OpenID Connect, SAML, xmldsig, OAuth, JWT, etc - all implemented in Python. IdentityPython (in short: the Programme) is formally established to facilitate an open, transparent and efficient governance process for the IdentityPython developers community, throughout the future development of the technology and auxiliary materials (such as documentation, tests, validators, and tutorials) developed under the umbrella of IdentityPython.

IdentityPython is the name of a technical and creative community effort serving the public benefit in the identity and access management sector. Several open-source projects are included under the IdentityPython umbrella. IdentityPython is established as a Programme within The Commons Conservancy. The Commons Conservancy is a not-for-profit foundation (‘Stichting’) established under The Netherlands law.

Terms contained in this document refer to the respective definitions of these terms within the regulations of The Commons Conservancy, unless explicitly noted otherwise. The Programme is subject to the conditions set forth in the Statutes and Regulations of The Commons Conservancy, more in particular to the conditions stipulated in The Commons Conservancy Core Regulations [[DRACC 0002]]. References to the Statutes or Regulations of IdentityPython therefore automatically mean the combination of the Statutes and Regulations of the Programme and those of The Commons Conservancy.

Any decisions made or approved by the IdentityPython Board of Directors within the scope of its mandate will be handled according to the procedure set out in The Commons Conservancy “Decision Handling Procedure” [[DRACC 0004]]. New versions of IdentityPython Statutes and Regulations enter into effect when they are published as part of the Directives and Regulatory Archive of the Commons Conservancy ([DRACC]) series.

Financial Considerations

IdentityPython operates on a nil budget, which means there are no direct financial considerations.

IdentityPython Board of Directors determines the desired direction of the development of technology and auxiliary materials. At the request of grantmaking organisations, donors and partners, IdentityPython MAY provide guidance to others and inspiration with regards to the establishment and evaluation of activities. IdentityPython itself will have no direct financial involvement in such activities under any circumstances.

Members of the Board are expected to donate in-kind resources to the development efforts around IdentityPython projects.

Governance

Board of Directors

The central decision-making body within IdentityPython is the IdentityPython Board of Directors (in short: the IdentityPython Board). The IdentityPython Board is a committee responsible for making and coordinating decisions on behalf of the user and developer community around IdentityPython, according to the conditions set forth in these Statutes as well as any Regulations established by prior decisions of the IdentityPython Board. The IdentityPython Board is expected to consult and find consensus for decisions with the user and developer community.

The IdentityPython Board has a minimum of three, and a maximum of seven natural persons. The founding IdentityPython Board has appointed a number of its constituting Directors to serve a half (12 month) term, and the remainder to serve a regular (24 month) term. Subsequent Directors are elected by the IdentityPython Board to regular 24-month terms according to the procedure set out in these Statutes. The founding Board will select a nominating committee of active developers and other contributors to identify candidates for ongoing Board membership. Directors are permitted to seek office for multiple terms, however, when running against other candidates the amount of terms they have consecutively served is deducted from the votes cast in their favour. This provides a balance between continuity, equal opportunities and renewal of qualities and competences.

The IdentityPython Board determines the Programme’s structure and processes, and is responsible for maintaining its Statutes and Regulations. The IdentityPython Board is free to make or revise any decision, taking into consideration applicable law as well as any immutable conditions previously established within the Statutes or Regulations.

In order to efficiently fulfill its tasks, the Board may establish specialized committees and task forces, as well as assign named roles to qualified individuals to provide advice and assistance on specific issues. The associated qualifications, tasks and responsibilities SHALL be formalised by publication as part of the Regulations of IdentityPython.

The IdentityPython Board (and any person, group or organisation mandated by the IdentityPython Board on its behalf) must act in good faith and in the common interest of the developer community and the wider user community of IdentityPython. If significant harm to the organization has been committed by any Director, he or she MAY be removed from the Board by a simple majority vote of the rest of the Board.

The IdentityPython Board SHALL convene offline or online at least every twelve (12) months.

Voting Procedure

Any two IdentityPython Directors MAY jointly organise a vote of the IdentityPython Board on any subject, after which a notification SHALL be sent out by email to each Director detailing the proposed action and the deadline.

Each Director is entitled to one (1) vote on each matter submitted to a vote. Voting happens through an electronic voting system, by email vote or by a quorate (online) meeting. A quorum is reached when all Directors are either (tele)present, have appointed a proxy or have indicated they will abstain from voting.

It is the responsibility of each Director to maintain valid contact details for communication within the Board. When a Director does not respond to multiple communication requests or invitations to vote for a period of one month across at least two different channels, he or she is removed from the quorum count until contact is restored.

Regular decisions of the IdentityPython Board are taken by a simple majority. Any amendment to these Statutes requires a consensus of the entire IdentityPython Board minus one Director. In all cases, the Chair of the IdentityPython board casts the deciding vote in case of a tie.

Each Director agrees to use his best efforts to resolve disputes in an informal manner.

IdentityPython Projects

Anyone may propose that a software project be included in the IdentityPython. The software project must meet the following criteria:

  • Is developed preferably under the Apache2 license
  • Going forward, we would like every project under IdentityPython to be licensed under the Apache2 license. Software licensed under one of the licenses on the Free Software Foundation’s list of “recommended copyleft licenses” or under any license approved by the Open Source Initiative is eligible but is strongly recommended to consider switching to Apache2.
  • Supports a need within the Identity and Access Management space
  • Is developed using the Python coding language

Individuals proposing that a project be added to IdentityPython must:

  • Project goals and future plans, and how that relate to the goals of IdentityPython as stated on https://idpy.org
  • Any relationships or dependencies on existing IdentityPython projects.
  • The current state of the project and any existing challenges.
  • Project metadata, including pointers to the project’s website, source code, license, mailing lists, and any ticketing or issue tracking system (if available)

The Board will evaluate proposals based on the following, and make a decision within four (4) weeks of initial submission:

  • Technical quality
  • Level of community engagement
  • Fit within IdentityPython

Adding and Removing Projects

The process for adding and removing projects from IdentityPython is described in DRACC 0025. Any changes to that policy will be decided on by the Board and published as a new DRACC.

Integrity

All IdentityPython Directors (as well as any persons the IdentityPython Board have delegated tasks and/or responsibilities to) are understood to act as fiduciaries with regard to the IdentityPython Programme, and their duties include, but are not limited to, the fiduciary duty of care and the fiduciary duty of loyalty.

Directors SHOULD NOT receive any personal benefit as a result of a pending decision – he or she is required to explain the circumstances and avoid taking any part in the decision.

Any conflict of interest or apparent conflict of interest between IdentityPython and individual Directors MUST be avoided. Directors undertake to declare any interest in any item under discussion and MAY be invited by the IdentityPython Chair to withdraw from discussions when business concerning their personal interests or the interests of natural or legal persons close to them is being dealt with. Directors MUST heed such an invitation and at the very least abstain from voting.

Decisions involving activities under which one or more Directors would have conflicts of interest that are of material significance to the Programme and/or to the relevant Director(s) require the approval of the entire IdentityPython Board minus the Director(s) with a conflict of interest.

Licensing Policy

All software and content created or maintained within IdentityPython is to be made publicly available perpetually at no cost under one of the licenses on the Free Software Foundation’s list of “recommended copyleft licenses” or any license approved by the Open Source Initiative on or after the submission date.

When additional licensing needs (which would make the identical software or assets available also through licenses not on those lists) arise, the IdentityPython Board is responsible for deciding on a case by case basis how this shall be best dealt with. In such matters the Board SHALL act in the common interest of the user and developer community, respectful of the spirit and intents of the original creators of and contributors to IdentityPython.

Any financial benefits resulting from licensing agreements with third parties shall exclusively be directed towards a not-for-profit organisation aligned with the goals of IdentityPython as contribution to the future development and maintenance of IdentityPython. These contributions shall be spent under the responsibility of the IdentityPython Board, on behalf of the IdentityPython user and developer community and in the general public interest.

Transition into these Statutes

The following decisions are ratified by the signatories when these Statutes take effect:

  • The founding IdentityPython Board shall be comprised of the individuals acting as signatories of the initial version of these Statutes, the act of which also has established all signees as Directors.
  • Ivan KANAKARAKIS is appointed as the IdentityPython Chair for a period of 12 months.
  • Mike JONES and Chris WALEN are appointed as Directors of the IdentityPython Board for a period of 12 months.
  • Roland HEDBERG is appointed as At-large Director of the IdentityPython Board for a period of 12 months.
  • Leif JOHANSSON and Christos KANELLOPOULOS are appointed as Directors of the IdentityPython Board for a period of 24 months.
  • Heather FLANAGAN is appointed as At-large Director of the IdentityPython Board for a period of 24 months.

The IdentityPython Board commits to identify and approach all rights holders, and ask them to transfer the moral stewardship of the codebase to the IdentityPython Programme.

Agreed on (date), (location) by:

Ivan KANAKARAKIS (chair)

Leif JOHANSSON

Chris WHALEN

Mike JONES

Roland HEDBERG

Heather FLANAGAN

Christos KANELLOPOULOS