> On my part this is -1 on these types of terms in general. > These terms basically make Apache a free development > subsidiary of RSA which is just not good.
I'm not sure I follow this line of reasoning. The license language that they are supposedly writing does not connote any such thing. It says if you want their SAML patent rights for free, you give them your SAML patent rights. It doesn't promise code (which is hardly an issue for Apache which already lets them use the code), and it doesn't offer other IPR. Do these terms make Sun a subsidiary of RSA? They have a SAML product out now. The danger is in the lockdown that occurs if they changed the license such that the terms were no longer acceptable, not in the initial terms. The terms aren't done, but this is a moot discussion until they are...I would not advise the PMC to even take a final vote until the terms are public. > This is not specific to > OpenSAML. I look forward to a web services security standard which is > not tied to proprietary licensing. Then I fear Apache or someone else would need to create one, unfortunately. Neither OASIS nor the W3C appear to be headed in such a direction, and as others noted, it's impossible to know for certain that you will be free and clear anywhere unless you're prepared to fight patents in court. > Is it possible to change the standard as not to infringe on > these patents? If somebody can actually figure out exactly what parts of SAML are covered, then a factoring of the code might be possible. I'm not particularly inclined to such a direction myself, and I haven't the faintest idea how to read patents, in most cases. I don't see the standard itself addressing this, no. -- Scott --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
