Hello folks-

I read this thread with a *ton* of sympathy. I think Drummond characterizes the situation correctly. I have (several times) raised exactly these concerns to the OASIS community (see [1] in particular and followups on [2] and [3]). There is actually a lot of sympathy and even some action (see [4] - which relates to SAML and RSA specifically!) - the actions that are most helpful are statements of non-action covenants by patent owners (in OASIS, participants are required to disclose the fact that they have relevant patents).

I personally have done (and continue to do) anything I can to make XRI (and any other useful OASIS spec) implementable within the constraints of the ASF's mode of operation. I think it's good practice for the community at large, open source or not.

If one of you folks from Apache could make these concerns very obvious to the OASIS community (perhaps just a summary of this thread from one of the ASF folks that I could forward to the relevant OASIS lists), I think that would go a long way towards pushing the issue forward.
-Gabe

[1] http://www.oasis-open.org/archives/chairs/200604/msg00013.html
[2] http://www.oasis-open.org/archives/chairs/200604/maillist.html
[3] http://www.oasis-open.org/archives/chairs/200605/maillist.html
[4] http://www.oasis-open.org/archives/chairs/200605/msg00018.html

> -----Original Message-----
> From: Drummond Reed [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 20, 2006 9:55 AM
> To: [EMAIL PROTECTED]; general@incubator.apache.org
> Cc: Wachob, Gabe; 'Peter Davis'; 'Graves, Michael'
> Subject: RE: [PROPOSAL] Heraldry Identity Project
>
> Dims,
>
> I am very familiar with the SAML and OpenSAML problems; on this message
> I'm cc'ing Peter Davis of NeuStar who has been helping to try to overcome
> those for several years (with some recent progress).
>
> Thankfully Peter and Gabe and others who were founding members of the XRI
> TC said, "No way we're going down that road -- any and all XRI specs will
> be 100% royalty-free and open source-compatible, i.e., not require any
> licensing".
>
> We have stayed true to that. Although XRI Resolution 2.0 does offer both
> HTTPS-based resolution and SAML 2.0 signed assertions as trust options,
> both are OPTIONAL and not in any way required.
>
> So I can provide you with a very strong assurance on behalf of the OASIS
> XRI TC members that the XRI specifications and any code that implements
> them will meet the Apache IPR requirements.
>
> My co-chair Gabe Wachob and I have been one of a set of OASIS TC chairs
> that have been arguing hard for OASIS to adopt a more explicit "open
> source compatible" IPR mode, and we would be happy to work with you and
> ASF to continue to champion it. But at the same time we don't want that to
> slow down any existing OASIS work such as XRI and XDI which has always
> been 100% committed to open, royalty-free, open-source compatible specs.
>
> In other words, we don't want our TCs penalized for the sins of other
> large OASIS members who may not be as supportive of open source.
>
> Please let us know how else we can assist this effort.
>
> =Drummond (http://xri.net/=drummond.reed)
>
> -----Original Message-----
> From: Davanum Srinivas [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 20, 2006 6:26 AM
> To: general@incubator.apache.org
> Cc: Drummond Reed; [EMAIL PROTECTED]
> Subject: Re: [PROPOSAL] Heraldry Identity Project
>
> Drummond,
>
> Here's some background history of things that we have faced.
>
> OpenSAML folks were interested in making OpenSAML an Apache project.
> So we did a bit of research and realized that RSA Security has put up
> a page asking folks to sign a patent licensing agreement [1]. AFAIK,
> SAML is also under "open, public, and royalty-free". Apache could even
> sign something with them, BUT for a clause that says that we have to
> inform people who use our binaries to go talk to RSA Security. For us,
> this was not acceptable. So we ended up not incubating OpenSAML.
> Please see the following threads for additional info [2]
>
> We've also had a follow up interaction with MSFT and IBM legal teams
> on OASIS WS-Security when we started TSIK incubation. FWIW, Verisign
> has an agreement that they give out to people BUT which is not
> public. MSFT and IBM ended up saying that they don't have any patents
> that affect WS-Security and Verisign was covered using CCLA and
> Software Grant.
>
> For us here, we want to make sure that *anyone* can download our stuff
> and use it in whichever fashion they want to. Both code and binaries.
> Right now OASIS does not have a mechanism to make that happen
> (Verisign has a non-public agreement for WS-Security, RSA Security has
> clauses that make it impossible for us to do a SAML impl). Both the
> old legacy regime and the new IPR regime in OASIS have holes IMHO.
>
> How can we prevent these kinds of situations from happening?
>
> thanks,
> dims
>
> [1] http://www.rsasecurity.com/node.asp?id=2530
> [2] http://marc.theaimsgroup.com/?l=incubator-general&w=2&r=1&s=OpenSAML&q=b
>
> On 6/20/06, Recordon, David <[EMAIL PROTECTED]> wrote:
> > This has obviously been something we've been looking at in order to do
> > our own due diligence on XRI IPR before being willing to contribute the
> > Yadis spec to be incorporated into XRI Resolution 2.0. Drummond Reed
> > sent me the following email further explaining this issue and asked me
> > to forward it along to the list for him since he had not yet subscribed.
> >
> > David,
> >
> > As we discussed with you in drafting the proposal, all members of the
> > OASIS XRI TC are fully prepared to sign the CCLA and any necessary
> > software grants required by the ASF. In fact the OASIS XRI TC is one of
> > the few OASIS TCs to have written the requirement into its charter for
> > its specifications to be 100% open, public, and royalty-free. Following
> > is the exact language from the XRI TC charter at
> > http://www.oasis-open.org/committees/xri/charter.php.
> >
> > > In no event shall this Technical Committee finalize or approve any
> > > technical specification if it believes that the use, distribution, or
> > > implementation of such specification would necessarily require the
> > > unauthorized infringement of any third party rights known to the
> > > Technical Committee, and such third party has not agreed to provide
> > > necessary license rights on perpetual, royalty-free,
> > > non-discriminatory terms.
> >
> > As you know, I was personally involved not just in creating the patents
> > involved, but in subsequently seeing that they were contributed to a
> > non-profit public trust organization, XDI.org, so that they could become
> > open, public, royalty-free standards. Complete details of the
> > contribution from XDI.org to the OASIS XRI TC are on the TC IPR page at:
> > http://www.oasis-open.org/committees/xri/ipr.php
> > The TC has already spawned one open source project (www.openxri.org)
> > that uses the Apache license (and whose code is already incorporated
> > into other open source projects).
> >
> > I am copying my XRI TC co-chair, Gabe Wachob of Visa International, who
> > can further attest to the depth of our commitment that the XRI standards
> > would be 100% free and open and compatible with all open source
> > implementations.
> >
> > Best,
> > =Drummond
> >
> > -----Original Message-----
> > From: Roy T. Fielding [mailto:[EMAIL PROTECTED]
> > Sent: Monday, June 19, 2006 5:19 PM
> > To: general@incubator.apache.org
> > Subject: Re: [PROPOSAL] Heraldry Identity Project
> >
> > This space in OASIS is a festering pile of claimed patents.
> > Are all of the companies involved willing to sign the CCLA and software
> > grants necessary to assure distribution under the Apache License?
> >
> > ....Roy
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
>
> --
> Davanum Srinivas : http://wso2.com/blogs/