Drummond, I welcome the frank assessment and talk on the issues. No, there is no intent to penalize anyone :) We already have projects that implement OASIS standards but are *very * careful about keeping our ears and eyes open for potential problems. I am glad to have you guys here and to hear the eagerness to get things started. We just have to put our best foot forward and go on. I just wanted to bring the issues to the table and know what to expect from all sides.
thanks, dims On 6/20/06, Drummond Reed <[EMAIL PROTECTED]> wrote:
Dims, I am very familiar with the SAML and OpenSAML problems; on this message I'm cc'ing Peter Davis of NeuStar who has been helping to try to overcome those for several years (with some recent progress). Thankfully Peter and Gabe and others who were founding members of the XRI TC said, "No way we're going down that road -- any and all XRI specs will be 100% royalty-free and open source-compatible, i.e., not require any licensing". We have stayed true to that. Although XRI Resolution 2.0 does offer both HTTPS-based resolution and SAML 2.0 signed assertions as trust options, both are OPTIONAL and not in any way required. So I can provide you with a very strong assurance on behalf of the OASIS XRI TC members that the XRI specifications and any code that implements them will meet the Apache IPR requirements. My co-chair Gabe Wachob and I have been one of a set of OASIS TC chairs that have been arguing hard for OASIS to adopt a more explicit "open source compatible" IPR mode, and we would be happy to work with you and ASF to continue to champion it. But at the same time we don't want that to slow down any existing OASIS work such as XRI and XDI which has always been 100% committed to open, royalty-free, open-source compatible specs. In other words, we don't want our TC's penalized for the sins of other large OASIS members who may not be as supportive of open source. Please let us know how else we can assist this effort. =Drummond (http://xri.net/=drummond.reed) -----Original Message----- From: Davanum Srinivas [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 20, 2006 6:26 AM To: general@incubator.apache.org Cc: Drummond Reed; [EMAIL PROTECTED] Subject: Re: [PROPOSAL] Heraldry Identity Project Drummond, Here's some background history of things that we have faced. OpenSAML folks were interested in making OpenSAML an Apache project. So we did a bit of research and realized that RSA Security has put up a page asking folks to sign a patent licensing aggrement [1]. AFAIK, SAML is also under "open, public, and royalty-free". Apache could even sign something with them, BUT for a clause that says that we have to inform people who use our binaries to go talk to RSA Security. For us, this was not acceptable. So we ended up not incubating OpenSAML. Please see the following threads for additional info [2] We've also had a follow up interaction with MSFT and IBM legal teams on OASIS WS-Security when we started TSIK incubation. FWIW, Verisign has an aggrement that they give out to people BUT not which is not public. MSFT and IBM ended up saying that they don't have any patents that affect WS-Security and Versign was covered using CCLA and Software Grant. For us here, we want to make sure that *anyone* can download our stuff and use it in whichever fashion they want to. Both code and binaries. Right now OASIS does not have a mechanism to make that happen (Verisign has a non-public agreement for WS-Security, RSA Security has clauses that make it impossible for us to do a SAML impl). Both the old legacy regime and the new IPR regime in OASIS have holes IMHO. How can we prevent these kinds of situation from happening? thanks, dims [1] http://www.rsasecurity.com/node.asp?id=2530 [2] http://marc.theaimsgroup.com/?l=incubator-general&w=2&r=1&s=OpenSAML&q=b On 6/20/06, Recordon, David <[EMAIL PROTECTED]> wrote: > This has obviously been something we've been looking at in order to do > our own due diligence on XRI IPR before being willing to contribute the > Yadis spec to be incorporated into XRI Resolution 2.0. Drummond Reed > sent me the following email further explaining this issue and asked me > to forward it along to the list for him since he had not yet subscribed. > > David, > As we discussed with you in drafting the proposal, all members of the > OASIS XRI TC are fully prepared to sign the CCLA and any necessary > software grants required by the ASF. In fact the OASIS XRI TC is one of > the few OASIS TCs to have written the requirement into its charter for > its specifications to be 100% open, public, and royalty-free. Following > is the exact language from the XRI TC charter at > http://www.oasis-open.org/committees/xri/charter.php. > > > In no event shall this Technical Committee finalize or approve any > technical > > specification if it believes that the use, distribution, or > implementation of > > such specification would necessarily require the unauthorized > infringement of > > any third party rights known to the Technical Committee, and such > third party > > has not agreed to provide necessary license rights on perpetual, > royalty-free, > > non-discriminatory terms. > > As you know, I was personally involved not just in creating the patents > involved, but in subsequently seeing that they were contributed to a > non-profit public trust organization, XDI.org, so that they could become > open, public, royalty-free standards. Complete details of the > contribution from XDI.org to the OASIS XRI TC are on the TC IPR page at: > http://www.oasis-open.org/committees/xri/ipr.php The TC has already > spawned one open source project (www.openxri.org) that uses the Apache > license (and whose code is already incorporated into other open source > projects). > > I am copying my XRI TC co-chair, Gabe Wachob of Visa International, who > can further attest to the depth of our commitment that the XRI standards > would be 100% free and open and compatible with all open source > implementations. > > Best, > =Drummond > > -----Original Message----- > From: Roy T. Fielding [mailto:[EMAIL PROTECTED] > Sent: Monday, June 19, 2006 5:19 PM > To: general@incubator.apache.org > Subject: Re: [PROPOSAL] Heraldry Identity Project > > This space in OASIS is a festering pile of claimed patents. > Are all of the companies involved willing to sign the CCLA and software > grants necessary to assure distribution under the Apache License? > > ....Roy > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Davanum Srinivas : http://wso2.com/blogs/
-- Davanum Srinivas : http://wso2.com/blogs/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]