Re: [OAUTH-WG] Dynamic Client Registration: IPR Confirmation

[Justin Richer]

I like the idea of adding some of the text in the introduction, as I 
agree the compatibility is an important (and hard-won) accomplishment. I 
think taking Mike's text, expanding it, and putting it in the 
introduction might serve the overall purpose just fine:

Portions of this specification are derived from the OpenID Connect
Dynamic Registration [OpenID.Registration] specification and from
the User Managed Access [UMA] specification.  This was done
so that implementations of these three specifications will be
compatible with one another.

These are both informative references, so we can reference the ID for UMA.

 -- Justin

On 7/16/2014 7:44 AM, Hannes Tschofenig wrote:
Interesting background information. Maybe we should then extend the note
Mike provided to also clarify the relationship with the UMA work (both
in terms to IPR, copyright, and attribution-wise).

It would also make sense to state the relationship in the introduction
to highlight the compatibility, which I believe is a big accomplishment.

Ciao
Hannes

On 07/16/2014 01:41 PM, Justin Richer wrote:
I thought I had sent this note already, but I don't see it in the
archives or in my 'sent' folder:

If we're going to point to OpenID Connect (which I'm fine with), then we
should clarify that portions were also taken from the UMA specification.
In fact, draft -00 actually *was* the UMA specification text entirely.
This is also what the OpenID Connect registration specification was
(loosely) based on when it was started.

In reality, the relationship between these three documents from three
different SBO's is more complicated: they all grew up together and
effectively merged to become wire-compatible with each other. There were
a number of changes that were discussed here in the IETF that OpenID
Connect adopted, and a number of changes that were discussed at OIDF
that were adopted here. OIDC also extends the IETF draft with a set of
OIDC-specific metadata fields and editorial language that makes it fit
more closely in the OIDC landscape, but make no mistake: they're the
same protocol. In the case of UMA, it's a straight normative reference
to the IETF document now because we were able to incorporate those use
cases and parameters directly.

The trouble is, I'm not sure how to concisely state that all that in the
draft text, but it's not as simple as "we copied OpenID", which is what
the text below seems to say.

  -- Justin

On 7/16/2014 6:17 AM, Hannes Tschofenig wrote:
Thanks, Mike.

This is a useful addition and reflects the relationship between the two
efforts.

Please add it to the next draft version.

Ciao
Hannes

On 07/15/2014 09:46 PM, Mike Jones wrote:
So that the working group has concrete language to consider, propose the
following language to the OAuth Dynamic Client Registration specification:

  

Portions of this specification are derived from the OpenID Connect
Dynamic Registration [OpenID.Registration] specification.  This was done
so that implementations of this specification and OpenID Connect Dynamic
Registration can be compatible with one another.

  

                                                             -- Mike

  

*From:*OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *Mike Jones
*Sent:* Tuesday, July 08, 2014 7:15 PM
*To:* Phil Hunt; Hannes Tschofenig
*Cc:* Maciej Machulak; oauth@ietf.org
*Subject:* Re: [OAUTH-WG] Dynamic Client Registration: IPR Confirmation

  

Thinking about this some more, there is one IPR issue that we need to
address before publication.  This specification is a derivative work
from the OpenID Connect Dynamic Registration specification
http://openid.net/specs/openid-connect-registration-1_0.html.  Large
portions of the text were copied wholesale from that spec to this one,
so that the two would be compatible.  (This is good thing – not a bad
thing.)

  

This is easy to address from an IPR perspective – simply acknowledge
that this spec is a derivative work and provide proper attribution.  The
OpenID copyright in the spec at
http://openid.net/specs/openid-connect-registration-1_0.html#Notices
allows for this resolution.  It says:

  

Copyright (c) 2014 The OpenID Foundation.

The OpenID Foundation (OIDF) grants to any Contributor, developer,
implementer, or other interested party a non-exclusive, royalty free,
worldwide copyright license to reproduce, prepare derivative works from,
distribute, perform and display, this Implementers Draft or Final
Specification solely for the purposes of (i) developing specifications,
and (ii) implementing Implementers Drafts and Final Specifications based
on such documents, provided that attribution be made to the OIDF as the
source of the material, but that such attribution does not indicate an
endorsement by the OIDF.

Let’s add the reference and acknowledgment in the next version.

  

                                                             -- Mike

  

*From:*Mike Jones
*Sent:* Tuesday, July 08, 2014 10:06 AM
*To:* Phil Hunt; Hannes Tschofenig
*Cc:* John Bradley; Justin Richer; Maciej Machulak; oauth@ietf.org
<mailto:oauth@ietf.org>
*Subject:* RE: Dynamic Client Registration: IPR Confirmation

  

I likewise do not hold any IPR on these specs.

------------------------------------------------------------------------

*From: *Phil Hunt <mailto:phil.h...@oracle.com>
*Sent: *‎7/‎8/‎2014 9:11 AM
*To: *Hannes Tschofenig <mailto:hannes.tschofe...@gmx.net>
*Cc: *Mike Jones <mailto:michael.jo...@microsoft.com>; John Bradley
<mailto:ve7...@ve7jtb.com>; Justin Richer <mailto:jric...@mitre.org>;
Maciej Machulak <mailto:m.p.machu...@ncl.ac.uk>; oauth@ietf.org
<mailto:oauth@ietf.org>
*Subject: *Re: Dynamic Client Registration: IPR Confirmation

I confirm I have no IPR disclosures on this document.

Phil

On Jul 8, 2014, at 4:54, Hannes Tschofenig <hannes.tschofe...@gmx.net 
<mailto:hannes.tschofe...@gmx.net>> wrote:

Hi Phil, John, Maciej, Justin, Mike,

I am working on the shepherd writeup for the dynamic client registration
document and one item in the template requires me to indicate whether
each document author has confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed.

Could you please confirm?

Ciao
Hannes



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth