Re: [OAUTH-WG] Dynamic Client Registration: IPR Confirmation

Wed, 16 Jul 2014 04:42:14 -0700

I thought I had sent this note already, but I don't see it in the archives or in my 'sent' folder:
If we're going to point to OpenID Connect (which I'm fine with), then we should clarify that portions were also taken from the UMA specification. In fact, draft -00 actually *was* the UMA specification text entirely. This is also what the OpenID Connect registration specification was (loosely) based on when it was started. 


In reality, the relationship between these three documents from three 
different SBO's is more complicated: they all grew up together and 
effectively merged to become wire-compatible with each other. There were 
a number of changes that were discussed here in the IETF that OpenID 
Connect adopted, and a number of changes that were discussed at OIDF 
that were adopted here. OIDC also extends the IETF draft with a set of 
OIDC-specific metadata fields and editorial language that makes it fit 
more closely in the OIDC landscape, but make no mistake: they're the 
same protocol. In the case of UMA, it's a straight normative reference 
to the IETF document now because we were able to incorporate those use 
cases and parameters directly.



The trouble is, I'm not sure how to concisely state that all that in the 
draft text, but it's not as simple as "we copied OpenID", which is what 
the text below seems to say.


 -- Justin

On 7/16/2014 6:17 AM, Hannes Tschofenig wrote:

Thanks, Mike.

This is a useful addition and reflects the relationship between the two
efforts.

Please add it to the next draft version.

Ciao
Hannes

On 07/15/2014 09:46 PM, Mike Jones wrote:

So that the working group has concrete language to consider, propose the
following language to the OAuth Dynamic Client Registration specification:


  


Portions of this specification are derived from the OpenID Connect
Dynamic Registration [OpenID.Registration] specification.  This was done
so that implementations of this specification and OpenID Connect Dynamic
Registration can be compatible with one another.


  


                                                             -- Mike


  


*From:*OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *Mike Jones
*Sent:* Tuesday, July 08, 2014 7:15 PM
*To:* Phil Hunt; Hannes Tschofenig
*Cc:* Maciej Machulak; oauth@ietf.org
*Subject:* Re: [OAUTH-WG] Dynamic Client Registration: IPR Confirmation


  


Thinking about this some more, there is one IPR issue that we need to
address before publication.  This specification is a derivative work
from the OpenID Connect Dynamic Registration specification
http://openid.net/specs/openid-connect-registration-1_0.html.  Large
portions of the text were copied wholesale from that spec to this one,
so that the two would be compatible.  (This is good thing -- not a bad
thing.)


  


This is easy to address from an IPR perspective -- simply acknowledge
that this spec is a derivative work and provide proper attribution.  The
OpenID copyright in the spec at
http://openid.net/specs/openid-connect-registration-1_0.html#Notices
allows for this resolution.  It says:


  


Copyright (c) 2014 The OpenID Foundation.

The OpenID Foundation (OIDF) grants to any Contributor, developer,
implementer, or other interested party a non-exclusive, royalty free,
worldwide copyright license to reproduce, prepare derivative works from,
distribute, perform and display, this Implementers Draft or Final
Specification solely for the purposes of (i) developing specifications,
and (ii) implementing Implementers Drafts and Final Specifications based
on such documents, provided that attribution be made to the OIDF as the
source of the material, but that such attribution does not indicate an
endorsement by the OIDF.

Let's add the reference and acknowledgment in the next version.


  


                                                             -- Mike


  


*From:*Mike Jones
*Sent:* Tuesday, July 08, 2014 10:06 AM
*To:* Phil Hunt; Hannes Tschofenig
*Cc:* John Bradley; Justin Richer; Maciej Machulak; oauth@ietf.org
<mailto:oauth@ietf.org>
*Subject:* RE: Dynamic Client Registration: IPR Confirmation


  


I likewise do not hold any IPR on these specs.

------------------------------------------------------------------------

*From: *Phil Hunt <mailto:phil.h...@oracle.com>
*Sent: *?7/?8/?2014 9:11 AM
*To: *Hannes Tschofenig <mailto:hannes.tschofe...@gmx.net>
*Cc: *Mike Jones <mailto:michael.jo...@microsoft.com>; John Bradley
<mailto:ve7...@ve7jtb.com>; Justin Richer <mailto:jric...@mitre.org>;
Maciej Machulak <mailto:m.p.machu...@ncl.ac.uk>; oauth@ietf.org
<mailto:oauth@ietf.org>
*Subject: *Re: Dynamic Client Registration: IPR Confirmation

I confirm I have no IPR disclosures on this document.

Phil


On Jul 8, 2014, at 4:54, Hannes Tschofenig <hannes.tschofe...@gmx.net 
<mailto:hannes.tschofe...@gmx.net>> wrote:

Hi Phil, John, Maciej, Justin, Mike,

I am working on the shepherd writeup for the dynamic client registration
document and one item in the template requires me to indicate whether
each document author has confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed.

Could you please confirm?

Ciao
Hannes





_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth






















					Reply via email to