Jason, GitHub works for me, and I think will work well in general as a place to make this source code publicly available and collaborate-upon-able.
While the Jasig CAS website presents a new BSD license as the current CAS server license (because it is the current CAS server license), that's not the preferred or default Jasig license anymore. Rather, Apache 2.0 is preferred over (new) BSD for its better clarity of protections for contributors and adopters. See https://wiki.jasig.org/display/LIC/Jasig+Licensing+Policy Incidentally, coming into compliance with this Jasig licensing policy is on the roadmap for the CAS 3.5 release, and, I believe, a blocker for that release. The very best way you can make it legally possible for Jasig to redistribute your work incorporated into Jasig software products is to submit Contributor License Agreements. https://wiki.jasig.org/display/LIC/Contributor+Agreement+Forms Since you have an existing body of software that you'd like to grant Jasig the rights to redistribute, maintain, evolve, and incorporate into Jasig software products, you should submit the Software Grant License Agreement, linked on that page. Since the Galois corporate entity is involved and Galois employees may (I hope, will!) be further involved in updates / maintenance / changes to this software, it would be best if Galois also completed a Corporate Contributor License Agreement. And, in order to enable individuals to ongoingly continue to collaborate upon and contribute to the evolving software, it's essential that the involved individuals individually complete Individual Contributor License Agreements. Getting through that paperwork will be very important to Jasig organizationally being permitted to incorporate and redistribute this work. That said, any first step is a fine first step -- submitting forms is good, posting your code to GitHub under any open source licensing terms you're able to apply would nonetheless be progress. Looking forward to the GitHub sharing of code and to the use of Contributor License Agreements to eliminate copyright impediments to progress… Kind regards, Andrew On Jan 30, 2012, at 6:00 PM, Jason Dagit wrote: > On 1/30/12 12:29 PM, Andrew Petro wrote: >> Jason, >> >>> Our code isn't currently publicly visible in source form, but that could be >>> changed if it would help. >> Yes, that would help. The first step to making code available as open >> source software is to make code available as open source software. :) >> >> It's not the last step, but it's a great initial step for allowing CAS >> adopters to get interested and excited about this functionality and to >> engage with it. >> >> I'll look forward to seeing the code and engaging further in understanding >> what this brings to CAS. > > Great! I'm now working towards putting the code up on github so you can > review it, submit issues as needed, and you can see how we address them. > Will that work for you? > > I need to hear back from legal to make sure we have the right notices > everywhere. In particular, because it's a SBIR funded project, I believe we > have an obligation to include a SBIR data rights notice. We have planned to > open source this all along and BSD3 is our go-to open source license here at > Galois. BSD3 looks like the default license for JA-SIG too: > http://www.jasig.org/cas/license > > While I was getting things ready for github I realized that we have a lot of > integration tests that we can't easily share with you just because they make > a lot of assumptions about our internal setup. If you have your own servers > for integration tests we can talk about translating our integration tests. > > I will also include the cas-config that we've been distributing as an example > for the trial deployments. The interesting thing to note there is that we > had to pull the login-webflow from CAS and modify it in the WAR in order to > inject some of our classes. We keep wondering if there is a better way to do > that. Here is the commit log for context: >> Added verbatim copies of CAS configuration files from CAS v3.4.10 >> >> Obtained via download from github. For example: >> >> $ wget >> https://raw.github.com/Jasig/cas/v3.4.10/cas-server-webapp/src/main/webapp/WEB-INF/login-webflow.xml >> >> These files were added in order to allow us to customize the >> authentication mechanisms. In particular this was added as part of >> adding support for X.509 client certificate authentication, which is >> currently necessary in order to use attributes from VOMS. >> >> create mode 100644 >> grid2-vo/cas-config/src/main/webapp/WEB-INF/cas-servlet.xml >> create mode 100644 >> grid2-vo/cas-config/src/main/webapp/WEB-INF/login-webflow.xml > > > Thanks, > Jason > > I've copied our SBIR data rights notice below just in case you are curious > about it, but I think it really just applies to the "government": > Acknowledgement > This material is based upon work supported by the Department of Energy > under > Award Number DE-SC0002076 > > Disclaimer > This report was prepared as an account of work sponsored by an agency of > the > United States Government. Neither the United States Government nor any > agency > thereof, nor any of their employees, makes any warranty, express or > implied, or > assumes any legal liability or responsibility for the accuracy, > completeness, > or usefulness of any information, apparatus, product, or process > disclosed, or > represents that its use would not infringe privately owned rights. > Reference > herein to any specific commercial product, process, or service by trade > name, > trademark, manufacturer, or otherwise does not necessarily constitute or > imply > its endorsement, recommendation, or favoring by the United States > Government or > any agency thereof. The views and opinions of authors expressed herein > do not > necessarily state or reflect those of the United States Government or any > agency thereof. > > SBIR/STTR Rights Notice > These SBIR/STTR data are furnished with SBIR/STTR rights under Grant No. > DE-SC0002076. For a period of four (4) years after acceptance of all > items to > be delivered under this grant, the Government agrees to use these data > for > Government purposes only, and they shall not be disclosed outside the > Government (including disclosure for procurement purposes) during such > period > without permission of the grantee, except that, subject to the foregoing > use > and disclosure prohibitions, such data may be disclosed for use by > support > contractors. After the aforesaid four-year period, the Government has a > royalty-free license to use, and to authorize others to use on its > behalf, > these data for Government purpose, but is relieved of all disclosure > prohibitions and assumes no liability for unauthorized use of these data > by > third parties. This Notice shall be affixed to any reproductions of > these data > in whole or in part. > > > > -- > You are currently subscribed to cas-dev@lists.jasig.org as: ape...@unicon.net > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
