Drummond, Here's some background history of things that we have faced.
OpenSAML folks were interested in making OpenSAML an Apache project. So we did a bit of research and realized that RSA Security has put up a page asking folks to sign a patent licensing aggrement [1]. AFAIK, SAML is also under "open, public, and royalty-free". Apache could even sign something with them, BUT for a clause that says that we have to inform people who use our binaries to go talk to RSA Security. For us, this was not acceptable. So we ended up not incubating OpenSAML. Please see the following threads for additional info [2] We've also had a follow up interaction with MSFT and IBM legal teams on OASIS WS-Security when we started TSIK incubation. FWIW, Verisign has an aggrement that they give out to people BUT not which is not public. MSFT and IBM ended up saying that they don't have any patents that affect WS-Security and Versign was covered using CCLA and Software Grant. For us here, we want to make sure that *anyone* can download our stuff and use it in whichever fashion they want to. Both code and binaries. Right now OASIS does not have a mechanism to make that happen (Verisign has a non-public agreement for WS-Security, RSA Security has clauses that make it impossible for us to do a SAML impl). Both the old legacy regime and the new IPR regime in OASIS have holes IMHO. How can we prevent these kinds of situation from happening? thanks, dims [1] http://www.rsasecurity.com/node.asp?id=2530 [2] http://marc.theaimsgroup.com/?l=incubator-general&w=2&r=1&s=OpenSAML&q=b On 6/20/06, Recordon, David <[EMAIL PROTECTED]> wrote:
This has obviously been something we've been looking at in order to do our own due diligence on XRI IPR before being willing to contribute the Yadis spec to be incorporated into XRI Resolution 2.0. Drummond Reed sent me the following email further explaining this issue and asked me to forward it along to the list for him since he had not yet subscribed. David, As we discussed with you in drafting the proposal, all members of the OASIS XRI TC are fully prepared to sign the CCLA and any necessary software grants required by the ASF. In fact the OASIS XRI TC is one of the few OASIS TCs to have written the requirement into its charter for its specifications to be 100% open, public, and royalty-free. Following is the exact language from the XRI TC charter at http://www.oasis-open.org/committees/xri/charter.php. > In no event shall this Technical Committee finalize or approve any technical > specification if it believes that the use, distribution, or implementation of > such specification would necessarily require the unauthorized infringement of > any third party rights known to the Technical Committee, and such third party > has not agreed to provide necessary license rights on perpetual, royalty-free, > non-discriminatory terms. As you know, I was personally involved not just in creating the patents involved, but in subsequently seeing that they were contributed to a non-profit public trust organization, XDI.org, so that they could become open, public, royalty-free standards. Complete details of the contribution from XDI.org to the OASIS XRI TC are on the TC IPR page at: http://www.oasis-open.org/committees/xri/ipr.php The TC has already spawned one open source project (www.openxri.org) that uses the Apache license (and whose code is already incorporated into other open source projects). I am copying my XRI TC co-chair, Gabe Wachob of Visa International, who can further attest to the depth of our commitment that the XRI standards would be 100% free and open and compatible with all open source implementations. Best, =Drummond -----Original Message----- From: Roy T. Fielding [mailto:[EMAIL PROTECTED] Sent: Monday, June 19, 2006 5:19 PM To: general@incubator.apache.org Subject: Re: [PROPOSAL] Heraldry Identity Project This space in OASIS is a festering pile of claimed patents. Are all of the companies involved willing to sign the CCLA and software grants necessary to assure distribution under the Apache License? ....Roy --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- Davanum Srinivas : http://wso2.com/blogs/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
