incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Davanum Srinivas" <dava...@gmail.com>
Subject Re: [PROPOSAL] Heraldry Identity Project
Date Tue, 20 Jun 2006 19:04:27 GMT
Drummond,

I welcome the frank assessment and talk on the issues. No, there is no
intent to penalize anyone :) We already have projects that implement
OASIS standards but are *very * careful about keeping our ears and
eyes open for potential problems. I am glad to have you guys here and
to hear the eagerness to get things started. We just have to put our
best foot forward and go on. I just wanted to bring the issues to the
table and know what to expect from all sides.

thanks,
dims

On 6/20/06, Drummond Reed <drummond.reed@cordance.net> wrote:
> Dims,
>
> I am very familiar with the SAML and OpenSAML problems; on this message I'm
> cc'ing Peter Davis of NeuStar who has been helping to try to overcome those
> for several years (with some recent progress).
>
> Thankfully Peter and Gabe and others who were founding members of the XRI TC
> said, "No way we're going down that road -- any and all XRI specs will be
> 100% royalty-free and open source-compatible, i.e., not require any
> licensing".
>
> We have stayed true to that. Although XRI Resolution 2.0 does offer both
> HTTPS-based resolution and SAML 2.0 signed assertions as trust options, both
> are OPTIONAL and not in any way required.
>
> So I can provide you with a very strong assurance on behalf of the OASIS XRI
> TC members that the XRI specifications and any code that implements them
> will meet the Apache IPR requirements.
>
> My co-chair Gabe Wachob and I have been one of a set of OASIS TC chairs that
> have been arguing hard for OASIS to adopt a more explicit "open source
> compatible" IPR mode, and we would be happy to work with you and ASF to
> continue to champion it. But at the same time we don't want that to slow
> down any existing OASIS work such as XRI and XDI which has always been 100%
> committed to open, royalty-free, open-source compatible specs.
>
> In other words, we don't want our TC's penalized for the sins of other large
> OASIS members who may not be as supportive of open source.
>
> Please let us know how else we can assist this effort.
>
> =Drummond (http://xri.net/=drummond.reed)
>
> -----Original Message-----
> From: Davanum Srinivas [mailto:davanum@gmail.com]
> Sent: Tuesday, June 20, 2006 6:26 AM
> To: general@incubator.apache.org
> Cc: Drummond Reed; gwachob@visa.com
> Subject: Re: [PROPOSAL] Heraldry Identity Project
>
> Drummond,
>
> Here's some background history of things that we have faced.
>
> OpenSAML folks were interested in making OpenSAML an  Apache project.
> So we did a bit of research and realized that RSA Security has put up
> a page asking folks to sign a patent licensing aggrement [1]. AFAIK,
> SAML is also under "open, public, and royalty-free". Apache could even
> sign something with them, BUT for a clause that says that we have to
> inform people who use our binaries to go talk to RSA Security. For us,
> this was not acceptable. So we ended up not incubating OpenSAML.
> Please see the following threads for additional info [2]
>
> We've also had a follow up interaction with MSFT and IBM legal teams
> on OASIS WS-Security when we started TSIK incubation. FWIW, Verisign
> has an aggrement that they give out to people BUT not which is not
> public. MSFT and IBM ended up saying that they don't have any patents
> that affect WS-Security and Versign was covered using CCLA and
> Software Grant.
>
> For us here, we want to make sure that *anyone* can download our stuff
> and use it in whichever fashion they want to. Both code and binaries.
> Right now OASIS does not have a mechanism to make that happen
> (Verisign has a non-public agreement for WS-Security, RSA Security has
> clauses that make it impossible for us to do a SAML impl). Both the
> old legacy regime and the new IPR regime in OASIS have holes IMHO.
>
> How can we prevent these kinds of situation from happening?
>
> thanks,
> dims
>
> [1] http://www.rsasecurity.com/node.asp?id=2530
> [2] http://marc.theaimsgroup.com/?l=incubator-general&w=2&r=1&s=OpenSAML&q=b
>
> On 6/20/06, Recordon, David <drecordon@verisign.com> wrote:
> > This has obviously been something we've been looking at in order to do
> > our own due diligence on XRI IPR before being willing to contribute the
> > Yadis spec to be incorporated into XRI Resolution 2.0.  Drummond Reed
> > sent me the following email further explaining this issue and asked me
> > to forward it along to the list for him since he had not yet subscribed.
> >
> > David,
> > As we discussed with you in drafting the proposal, all members of the
> > OASIS XRI TC are fully prepared to sign the CCLA and any necessary
> > software grants required by the ASF. In fact the OASIS XRI TC is one of
> > the few OASIS TCs to have written the requirement into its charter for
> > its specifications to be 100% open, public, and royalty-free. Following
> > is the exact language from the XRI TC charter at
> > http://www.oasis-open.org/committees/xri/charter.php.
> >
> > > In no event shall this Technical Committee finalize or approve any
> > technical
> > > specification if it believes that the use, distribution, or
> > implementation of
> > > such specification would necessarily require the unauthorized
> > infringement of
> > > any third party rights known to the Technical Committee, and such
> > third party
> > > has not agreed to provide necessary license rights on perpetual,
> > royalty-free,
> > > non-discriminatory terms.
> >
> > As you know, I was personally involved not just in creating the patents
> > involved, but in subsequently seeing that they were contributed to a
> > non-profit public trust organization, XDI.org, so that they could become
> > open, public, royalty-free standards. Complete details of the
> > contribution from XDI.org to the OASIS XRI TC are on the TC IPR page at:
> > http://www.oasis-open.org/committees/xri/ipr.php The TC has already
> > spawned one open source project (www.openxri.org) that uses the Apache
> > license (and whose code is already incorporated into other open source
> > projects).
> >
> > I am copying my XRI TC co-chair, Gabe Wachob of Visa International, who
> > can further attest to the depth of our commitment that the XRI standards
> > would be 100% free and open and compatible with all open source
> > implementations.
> >
> > Best,
> > =Drummond
> >
> > -----Original Message-----
> > From: Roy T. Fielding [mailto:fielding@gbiv.com]
> > Sent: Monday, June 19, 2006 5:19 PM
> > To: general@incubator.apache.org
> > Subject: Re: [PROPOSAL] Heraldry Identity Project
> >
> > This space in OASIS is a festering pile of claimed patents.
> > Are all of the companies involved willing to sign the CCLA and software
> > grants necessary to assure distribution under the Apache License?
> >
> > ....Roy
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> > For additional commands, e-mail: general-help@incubator.apache.org
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> > For additional commands, e-mail: general-help@incubator.apache.org
> >
> >
>
>
> --
> Davanum Srinivas : http://wso2.com/blogs/
>
>


-- 
Davanum Srinivas : http://wso2.com/blogs/

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message