Return-Path: Mailing-List: contact general-help@incubator.apache.org; run by ezmlm Delivered-To: mailing list general@incubator.apache.org Received: (qmail 38482 invoked from network); 21 Feb 2003 23:23:09 -0000 Received: from unknown (HELO set.superlinksoftware.com) (66.35.175.110) by daedalus.apache.org with SMTP; 21 Feb 2003 23:23:09 -0000 Received: from rdu57-249-152.nc.rr.com ([66.57.249.152]) by set.superlinksoftware.com (JAMES SMTP Server 2.1) with SMTP ID 637 for ; Fri, 21 Feb 2003 17:47:16 -0500 (EST) Message-ID: <3E564B69.6030900@apache.org> Date: Fri, 21 Feb 2003 10:53:13 -0500 From: "Andrew C. Oliver" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021212 X-Accept-Language: en-us, en MIME-Version: 1.0 To: general@incubator.apache.org Subject: Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of Web Services ) References: <008101c2d9be$f9b29840$0100a8c0@SAIDIN> In-Reply-To: <008101c2d9be$f9b29840$0100a8c0@SAIDIN> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Scott Cantor wrote: >>On my part this is -1 on these types of terms in general. >>These terms basically make Apache a free development >>subsidiary of RSA which is just not good. >> >> > >I'm not sure I follow this line of reasoning. The license language that they are supposedly writing does not connote any such thing. >It says if you want their SAML patent rights for free, you give them your SAML patent rights. It doesn't promise code (which is >hardly an issue for Apache which already lets them use the code), and it doesn't offer other IPR. > > No it says that your enduser of the Apache SAML library may have to pay RSA for a license (or rather it doesn't say that they won't). >Do these terms make Sun a subsidiary of RSA? They have a SAML product out now. > > And they can pay RSA for licenses for users of it... >The danger is in the lockdown that occurs if they changed the license such that the terms were no longer acceptable, not in the >initial terms. > >The terms aren't done, but this is a moot discussion until they are...I would not advise the PMC to even take a final vote until the >terms are public. > > Okay. I'm just noting that these terms look objectionable. > > >>This is not specific to >>OpenSAML. I look forward to a web services security standard which is >>not tied to proprietary licensing. >> >> > >Then I fear Apache or someone else would need to create one, unfortunately. Neither OASIS nor the W3C appear to be headed in such a >direction, and as others noted, it's impossible to know for certain that you will be free and clear anywhere unless you're prepared >to fight patents in court. > > The W3C is aiming very eagerly into irrelevance anyhow. > > >>Is it possible to change the standard as not to infringe on >>these patents? >> >> > >If somebody can actually figure out exactly what parts of SAML are covered, then a factoring of the code might be possible. I'm not >particularly inclined to such a direction myself, and I haven't the faintest idea how to read patents, in most cases. > >I don't see the standard itself addressing this, no. > > I don't see a motivation for Apache to accept projects which might/would require the enduser to pay a company royalties. This seems contrary to the terms and spirit. -Andy >-- Scott > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org >For additional commands, e-mail: general-help@incubator.apache.org > > > >