Hi Jorge, Hi Scott, we need your advice in the OAuth working group.
We are about to finalize a specification called 'Dynamic Client Registration' (http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-19) and this document intentionally harmonizes work done in two other organizations, namely in Kantara and in the OpenID Foundation. As part of this harmonization text was copied from specifications developed by these two organizations. When I did my shepherd write-up the question about potential copyright and IPR issues surfaced. Currently, we have put the following text into draft-ietf-oauth-dyn-reg-19 to reference and acknowledge the work done in UMA and in the OpenID Foundation concerning the history: " Multiple applications using OAuth 2.0 have previously developed mechanisms for accomplishing such registrations. This specification generalizes the registration mechanisms defined by the OpenID Connect Dynamic Client Registration 1.0 [OpenID.Registration] specification and used by the User Managed Access (UMA) Profile of OAuth 2.0 [I-D.hardjono-oauth-umacore] specification in a way that is compatible with both, while being applicable to a wider set of OAuth 2.0 use cases. " The copyright situation with the UMA work might be easier since the UMA working group decided to publish their material as an IETF draft - [I-D.hardjono-oauth-umacore]. The OpenID Connect Registration draft (see http://openid.net/specs/openid-connect-registration-1_0.html) provides information about the copyright by saying: " The OpenID Foundation (OIDF) grants to any Contributor, developer, implementer, or other interested party a non-exclusive, royalty free, worldwide copyright license to reproduce, prepare derivative works from, distribute, perform and display, this Implementers Draft or Final Specification solely for the purposes of (i) developing specifications, and (ii) implementing Implementers Drafts and Final Specifications based on such documents, provided that attribution be made to the OIDF as the source of the material, but that such attribution does not indicate an endorsement by the OIDF. " I believe we are OK copying text from your specifications but the IPR situation is unclear to me since the IPR rules of these two organizations are different to those in the IETF. The IPR policies of the two organizations are described here: http://openid.net/intellectual-property/ http://kantarainitiative.org/confluence/download/attachments/2293776/Kantara%20Initiative%20IPR%20Policies%20_V1.1_.pdf I put the co-chairs of the Kantara UMA working group (see http://kantarainitiative.org/confluence/display/uma/Home) and the chairman of the OpenID Foundation (see http://openid.net/foundation/leadership/) on CC to help with potential questions. They are well aware of the IETF work on the dynamic client registration specification. Thanks for your help. Ciao Hannes & Derek
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
