Here's the IBM License for WS-Security: http://www.ibm.com/ibm/licensing/977Q/2112.shtml
-- dims On 6/16/05, Davanum Srinivas <[EMAIL PROTECTED]> wrote: > Hi all, > > Background: > Apache WSS4J is an implementation of OASIS Web Services Security specification > - http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss > WS-Security was originally developed by IBM, Microsoft and Verisign > - http://xml.coverpages.org/ni2002-04-11-b.html > The IPR statements from various companies are listed here > - http://www.oasis-open.org/committees/wss/ipr.php > Verisign has offered TSIK for incubation > - http://marc.theaimsgroup.com/?l=incubator-general&m=111638639824834&w=2 > WS-PMC has voted to accept it. > - http://marc.theaimsgroup.com/?l=incubator-general&m=111754896032244&w=2 > > Situation: > As part of the incubation process, we had a call with Hans Granqvist and > DJ Power from Verisign. DJ is the chief IP person dealing with legal > issues and Hans is the dev lead who is driving the incubation / donation > process. David informed us that there are patent concerns w.r.t to > WS-Security and they are working with Microsoft and IBM on it. I have no > knowledge of any patents that we are infringing on w.r.t WSS4J and have > not seen the verisign tsik code either. Anyways, if you see the IPR > statements on the oasis web site, there is no clue on specific patents > involved, except for SAML (from RSA-Security). Folks here may remember > that we killed OpenSAML incubation, specifically because of this reason. > Anyway back to the current situation, Here's what they are proposing how > we could go about the incubation process. > > - Verisign can donate code ASAP. They know that it will be in full > public view. > - Verisign would come up with a small text paragraph that we could make > part of the build process, our web site etc warning that users should > talk to respective companies if they want to use the code. > - The team working on the code will choose not to make any milestone > releases till tsik exits incubation. > - Verisign will work with IBM and Microsoft and ensure that any releases > for TSIK will be under just ASL 2.0 and nothing more. > - If after a reasonable time, we (Verisign and Apache) can decide to > kill the incubation process if there is no movement on the IP front. > - As part of that process, we can nuke all the TSIK code in our SVN > > Is this acceptable to us? Isn't incubation the place (and process) for > sorting through these issues? > > Additional Notes: I had to google for 15+ minutes to get this information > - Microsoft's license is listed here: > http://www.microsoft.com/mscorp/ip/standards/ > - Hans verified that "Verisign's current license for WS-Security is in > their TSIK release, where it is part of an click-thru installshield > installer. It is also referenced in the source.". > - Apparently IBM's license details are not public: > http://lists.oasis-open.org/archives/wss/200304/msg00056.html > - I've asked Sam Ruby to ping IBM legal about the license. > - Had a exploratory short call with Kim Cameron (MSFT) about Infocard > etc. Mentioned this problem as well. He *may* write up something on > his blog/site. I need to sync up with BenL (about a follow up call > with them). Verisign folks are talking to IBM and MSFT as well. > > -- > Davanum Srinivas -http://blogs.cocoondev.org/dims/ > -- Davanum Srinivas -http://blogs.cocoondev.org/dims/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
