incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Davanum Srinivas <dava...@gmail.com>
Subject Re: TSIK incubation hurdle - Patents!
Date Wed, 22 Jun 2005 19:15:32 GMT
Here's the IBM License for WS-Security:
http://www.ibm.com/ibm/licensing/977Q/2112.shtml

-- dims

On 6/16/05, Davanum Srinivas <davanum@gmail.com> wrote:
> Hi all,
> 
> Background:
> Apache WSS4J is an implementation of OASIS Web Services Security specification
>   - http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss
> WS-Security was originally developed by IBM, Microsoft and Verisign
>   - http://xml.coverpages.org/ni2002-04-11-b.html
> The IPR statements from various companies are listed here
>   - http://www.oasis-open.org/committees/wss/ipr.php
> Verisign has offered TSIK for incubation
>   - http://marc.theaimsgroup.com/?l=incubator-general&m=111638639824834&w=2
> WS-PMC has voted to accept it.
>   - http://marc.theaimsgroup.com/?l=incubator-general&m=111754896032244&w=2
> 
> Situation:
> As part of the incubation process, we had a call with Hans Granqvist and
> DJ Power from Verisign. DJ is the chief IP person dealing with legal
> issues and Hans is the dev lead who is driving the incubation / donation
> process. David informed us that there are patent concerns w.r.t to
> WS-Security and they are working with Microsoft and IBM on it. I have no
> knowledge of any patents that we are infringing on w.r.t WSS4J and have
> not seen the verisign tsik code either. Anyways, if you see the IPR
> statements on the oasis web site, there is no clue on specific patents
> involved, except for SAML (from RSA-Security). Folks here may remember
> that we killed OpenSAML incubation, specifically because of this reason.
> Anyway back to the current situation, Here's what they are proposing how
> we could go about the incubation process.
> 
> - Verisign can donate code ASAP. They know that it will be in full
>   public view.
> - Verisign would come up with a small text paragraph that we could make
>   part of the build process, our web site etc warning that users should
>   talk to respective companies if they want to use the code.
> - The team working on the code will choose not to make any milestone
>   releases till tsik exits incubation.
> - Verisign will work with IBM and Microsoft and ensure that any releases
>   for TSIK will be under just ASL 2.0 and nothing more.
> - If after a reasonable time, we (Verisign and Apache) can decide to
>   kill the incubation process if there is no movement on the IP front.
> - As part of that process, we can nuke all the TSIK code in our SVN
> 
> Is this acceptable to us? Isn't incubation the place (and process) for
> sorting through these issues?
> 
> Additional Notes: I had to google for 15+ minutes to get this information
> - Microsoft's license is listed here:
>   http://www.microsoft.com/mscorp/ip/standards/
> - Hans verified that "Verisign's current license for WS-Security is in
>   their TSIK release, where it is part of an click-thru installshield
>   installer. It is also referenced in the source.".
> - Apparently IBM's license details are not public:
>   http://lists.oasis-open.org/archives/wss/200304/msg00056.html
> - I've asked Sam Ruby to ping IBM legal about the license.
> - Had a exploratory short call with Kim Cameron (MSFT) about Infocard
> etc. Mentioned this problem as well. He *may* write up something on
> his blog/site. I need to sync up with BenL (about a follow up call
> with them). Verisign folks are talking to IBM and MSFT as well.
> 
> --
> Davanum Srinivas -http://blogs.cocoondev.org/dims/
> 


-- 
Davanum Srinivas -http://blogs.cocoondev.org/dims/

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message