Hi all, Background: Apache WSS4J is an implementation of OASIS Web Services Security specification - http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss WS-Security was originally developed by IBM, Microsoft and Verisign - http://xml.coverpages.org/ni2002-04-11-b.html The IPR statements from various companies are listed here - http://www.oasis-open.org/committees/wss/ipr.php Verisign has offered TSIK for incubation - http://marc.theaimsgroup.com/?l=incubator-general&m=111638639824834&w=2 WS-PMC has voted to accept it. - http://marc.theaimsgroup.com/?l=incubator-general&m=111754896032244&w=2
Situation: As part of the incubation process, we had a call with Hans Granqvist and DJ Power from Verisign. DJ is the chief IP person dealing with legal issues and Hans is the dev lead who is driving the incubation / donation process. David informed us that there are patent concerns w.r.t to WS-Security and they are working with Microsoft and IBM on it. I have no knowledge of any patents that we are infringing on w.r.t WSS4J and have not seen the verisign tsik code either. Anyways, if you see the IPR statements on the oasis web site, there is no clue on specific patents involved, except for SAML (from RSA-Security). Folks here may remember that we killed OpenSAML incubation, specifically because of this reason. Anyway back to the current situation, Here's what they are proposing how we could go about the incubation process. - Verisign can donate code ASAP. They know that it will be in full public view. - Verisign would come up with a small text paragraph that we could make part of the build process, our web site etc warning that users should talk to respective companies if they want to use the code. - The team working on the code will choose not to make any milestone releases till tsik exits incubation. - Verisign will work with IBM and Microsoft and ensure that any releases for TSIK will be under just ASL 2.0 and nothing more. - If after a reasonable time, we (Verisign and Apache) can decide to kill the incubation process if there is no movement on the IP front. - As part of that process, we can nuke all the TSIK code in our SVN Is this acceptable to us? Isn't incubation the place (and process) for sorting through these issues? Additional Notes: I had to google for 15+ minutes to get this information - Microsoft's license is listed here: http://www.microsoft.com/mscorp/ip/standards/ - Hans verified that "Verisign's current license for WS-Security is in their TSIK release, where it is part of an click-thru installshield installer. It is also referenced in the source.". - Apparently IBM's license details are not public: http://lists.oasis-open.org/archives/wss/200304/msg00056.html - I've asked Sam Ruby to ping IBM legal about the license. - Had a exploratory short call with Kim Cameron (MSFT) about Infocard etc. Mentioned this problem as well. He *may* write up something on his blog/site. I need to sync up with BenL (about a follow up call with them). Verisign folks are talking to IBM and MSFT as well. -- Davanum Srinivas -http://blogs.cocoondev.org/dims/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
