Just to follow up, I just ran into this announcement by SUN w/r/t Non-assertion Covenants, which is exactly the sort of mechanism I've been advocating to make Open Source implementation and adoption more frictionless:
http://xml.coverpages.org/ni2006-06-15-a.html I'd suggest all the interested parties review this page - including some of the background info on the bottom of the page. -Gabe > -----Original Message----- > From: Wachob, Gabe > Sent: Tuesday, June 20, 2006 12:05 PM > To: 'Drummond Reed'; [EMAIL PROTECTED]; general@incubator.apache.org > Cc: 'Peter Davis'; 'Graves, Michael' > Subject: RE: [PROPOSAL] Heraldry Identity Project > > Hello folks- > I read this thread with a *ton* of sympathy. I think > Drummond characterizes the situation correctly. I have > (several times) raised exactly these concerns to the OASIS > community (see [1] in particular and followups on [2] and > [3]). There is actually a lot of sympathy and even some > action (see [4] - which relates to SAML and RSA > specifically!) - the action that is most helpful are > statements of non-action covenants by patent owners (in > OASIS, particpants are required to disclose the fact that > they have relevant patents). > I personally have done (and continue to do) anything I > can to make XRI (and any other useful OASIS spec) > implementable within the constraints of the ASF's mode of > operation. I think its good practice for the community at > large, open source or not. > If one of you folks from Apache could make these concerns > very obvious to the OASIS community (perhaps just a summary > of this thread from one of the ASF folks that I could forward > to the relevant OASIS lists), I think that would go a long > way towards pushing the issue forward. > > -Gabe > > [1] http://www.oasis-open.org/archives/chairs/200604/msg00013.html > [2] http://www.oasis-open.org/archives/chairs/200604/maillist.html > [3] http://www.oasis-open.org/archives/chairs/200605/maillist.html) > [4] http://www.oasis-open.org/archives/chairs/200605/msg00018.html > > > -----Original Message----- > > From: Drummond Reed [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, June 20, 2006 9:55 AM > > To: [EMAIL PROTECTED]; general@incubator.apache.org > > Cc: Wachob, Gabe; 'Peter Davis'; 'Graves, Michael' > > Subject: RE: [PROPOSAL] Heraldry Identity Project > > > > Dims, > > > > I am very familiar with the SAML and OpenSAML problems; on > > this message I'm > > cc'ing Peter Davis of NeuStar who has been helping to try to > > overcome those > > for several years (with some recent progress). > > > > Thankfully Peter and Gabe and others who were founding > > members of the XRI TC > > said, "No way we're going down that road -- any and all XRI > > specs will be > > 100% royalty-free and open source-compatible, i.e., not require any > > licensing". > > > > We have stayed true to that. Although XRI Resolution 2.0 does > > offer both > > HTTPS-based resolution and SAML 2.0 signed assertions as > > trust options, both > > are OPTIONAL and not in any way required. > > > > So I can provide you with a very strong assurance on behalf > > of the OASIS XRI > > TC members that the XRI specifications and any code that > > implements them > > will meet the Apache IPR requirements. > > > > My co-chair Gabe Wachob and I have been one of a set of OASIS > > TC chairs that > > have been arguing hard for OASIS to adopt a more explicit > "open source > > compatible" IPR mode, and we would be happy to work with you > > and ASF to > > continue to champion it. But at the same time we don't want > > that to slow > > down any existing OASIS work such as XRI and XDI which has > > always been 100% > > committed to open, royalty-free, open-source compatible specs. > > > > In other words, we don't want our TC's penalized for the sins > > of other large > > OASIS members who may not be as supportive of open source. > > > > Please let us know how else we can assist this effort. > > > > =Drummond (http://xri.net/=drummond.reed) > > > > -----Original Message----- > > From: Davanum Srinivas [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, June 20, 2006 6:26 AM > > To: general@incubator.apache.org > > Cc: Drummond Reed; [EMAIL PROTECTED] > > Subject: Re: [PROPOSAL] Heraldry Identity Project > > > > Drummond, > > > > Here's some background history of things that we have faced. > > > > OpenSAML folks were interested in making OpenSAML an > Apache project. > > So we did a bit of research and realized that RSA Security > has put up > > a page asking folks to sign a patent licensing aggrement [1]. AFAIK, > > SAML is also under "open, public, and royalty-free". Apache > could even > > sign something with them, BUT for a clause that says that we have to > > inform people who use our binaries to go talk to RSA > Security. For us, > > this was not acceptable. So we ended up not incubating OpenSAML. > > Please see the following threads for additional info [2] > > > > We've also had a follow up interaction with MSFT and IBM legal teams > > on OASIS WS-Security when we started TSIK incubation. FWIW, Verisign > > has an aggrement that they give out to people BUT not which is not > > public. MSFT and IBM ended up saying that they don't have > any patents > > that affect WS-Security and Versign was covered using CCLA and > > Software Grant. > > > > For us here, we want to make sure that *anyone* can > download our stuff > > and use it in whichever fashion they want to. Both code and > binaries. > > Right now OASIS does not have a mechanism to make that happen > > (Verisign has a non-public agreement for WS-Security, RSA > Security has > > clauses that make it impossible for us to do a SAML impl). Both the > > old legacy regime and the new IPR regime in OASIS have holes IMHO. > > > > How can we prevent these kinds of situation from happening? > > > > thanks, > > dims > > > > [1] http://www.rsasecurity.com/node.asp?id=2530 > > [2] > > http://marc.theaimsgroup.com/?l=incubator-general&w=2&r=1&s=Op > > enSAML&q=b > > > > On 6/20/06, Recordon, David <[EMAIL PROTECTED]> wrote: > > > This has obviously been something we've been looking at in > > order to do > > > our own due diligence on XRI IPR before being willing to > > contribute the > > > Yadis spec to be incorporated into XRI Resolution 2.0. > > Drummond Reed > > > sent me the following email further explaining this issue > > and asked me > > > to forward it along to the list for him since he had not > > yet subscribed. > > > > > > David, > > > As we discussed with you in drafting the proposal, all > > members of the > > > OASIS XRI TC are fully prepared to sign the CCLA and any necessary > > > software grants required by the ASF. In fact the OASIS XRI > > TC is one of > > > the few OASIS TCs to have written the requirement into its > > charter for > > > its specifications to be 100% open, public, and > > royalty-free. Following > > > is the exact language from the XRI TC charter at > > > http://www.oasis-open.org/committees/xri/charter.php. > > > > > > > In no event shall this Technical Committee finalize or > approve any > > > technical > > > > specification if it believes that the use, distribution, or > > > implementation of > > > > such specification would necessarily require the unauthorized > > > infringement of > > > > any third party rights known to the Technical > Committee, and such > > > third party > > > > has not agreed to provide necessary license rights on perpetual, > > > royalty-free, > > > > non-discriminatory terms. > > > > > > As you know, I was personally involved not just in creating > > the patents > > > involved, but in subsequently seeing that they were > contributed to a > > > non-profit public trust organization, XDI.org, so that they > > could become > > > open, public, royalty-free standards. Complete details of the > > > contribution from XDI.org to the OASIS XRI TC are on the TC > > IPR page at: > > > http://www.oasis-open.org/committees/xri/ipr.php The TC > has already > > > spawned one open source project (www.openxri.org) that uses > > the Apache > > > license (and whose code is already incorporated into other > > open source > > > projects). > > > > > > I am copying my XRI TC co-chair, Gabe Wachob of Visa > > International, who > > > can further attest to the depth of our commitment that the > > XRI standards > > > would be 100% free and open and compatible with all open source > > > implementations. > > > > > > Best, > > > =Drummond > > > > > > -----Original Message----- > > > From: Roy T. Fielding [mailto:[EMAIL PROTECTED] > > > Sent: Monday, June 19, 2006 5:19 PM > > > To: general@incubator.apache.org > > > Subject: Re: [PROPOSAL] Heraldry Identity Project > > > > > > This space in OASIS is a festering pile of claimed patents. > > > Are all of the companies involved willing to sign the CCLA > > and software > > > grants necessary to assure distribution under the Apache License? > > > > > > ....Roy > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > -- > > Davanum Srinivas : http://wso2.com/blogs/ > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
