In order to engage with contributors in the wider identity ecosystem, and expose critical technical components for more targeted development and review, DIF may offer bounties for specific completion of open source components, shared libraries, and vulnerability discovery/fixes.
Bounties can either be sourced through a DIF-wide consensus that authorizes a bounty, or any member who seeks to advance a component within DIF via the bounty mechanism to draw in maximum community involvement by leveraging DIF's position in the ecosystem.
Problem Statement: Describe the user/technical problem with appropriate user stories and technical descriptions.
Scope: Describe the scope of the engagement with concrete details and objective boundaries, including what is not within the scope of work for the engagement.
Deliverables & Acceptance Criteria: As specifically as possible, describe the deliverables expected both during and at the conclusion of the engagement. Detail any acceptance criteria, and specify how acceptance will be judged.
Duration: What is the expected timeline, including dates for delivery, milestones, and progress reports.
Payment: List the terms for payment, with any associated time-bound references to milestones and procedural requirements.
All bounty proposals will coordinate with the DIF Steering Committee to post the description and details to DIF's website. DIF will aid in gathering inquiries and help in evaluation. In the case a bounty is being sponsored by a DIF Member company or external organization, DIF and the sponsor may wish to collaborate on management of the bounty.
DIF and/or the bounty sponsors may wish to circulate updates to the community on the progress and outcome of a bounty offering. DIF can coordinate with the internal member group managing the bounty, or bounty sponsors, to draft and broadcast messaging about bounty status updates. It is generally advised that updates be broadcast to the community in accordance with the milestones set out in a bounty's definition document.
For an examplar of a bounty description document, see this BC Government bounty offering: https://bcdevexchange.org/opportunities/cwu/opp-initial-reference-implementation-of-decentralized-authentication--did-auth--and-authorization-mechanisms