incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wachob, Gabe" <gwac...@visa.com>
Subject RE: [PROPOSAL] Heraldry Identity Project
Date Tue, 20 Jun 2006 20:53:10 GMT
Just to follow up, I just ran into this announcement by SUN w/r/t
Non-assertion Covenants, which is exactly the sort of mechanism I've
been advocating to make Open Source implementation and adoption more
frictionless:

http://xml.coverpages.org/ni2006-06-15-a.html

I'd suggest all the interested parties review this page - including some
of the background info on the bottom of the page.

  -Gabe

> -----Original Message-----
> From: Wachob, Gabe 
> Sent: Tuesday, June 20, 2006 12:05 PM
> To: 'Drummond Reed'; dims@apache.org; general@incubator.apache.org
> Cc: 'Peter Davis'; 'Graves, Michael'
> Subject: RE: [PROPOSAL] Heraldry Identity Project
> 
> Hello folks-
>     I read this thread with a *ton* of sympathy. I think 
> Drummond characterizes the situation correctly. I have 
> (several times) raised exactly these concerns to the OASIS 
> community (see [1] in particular and followups on [2] and 
> [3]). There is actually a lot of sympathy and even some 
> action (see [4] - which relates to SAML and RSA 
> specifically!) - the action that is most helpful are 
> statements of non-action covenants by patent owners (in 
> OASIS, particpants are required to disclose the fact that 
> they have relevant patents). 
>     I personally have done (and continue to do) anything I 
> can to make XRI (and any other useful OASIS spec) 
> implementable within the constraints of the ASF's mode of 
> operation. I think its good practice for the community at 
> large, open source or not. 
>     If one of you folks from Apache could make these concerns 
> very obvious to the OASIS community (perhaps just a summary 
> of this thread from one of the ASF folks that I could forward 
> to the relevant OASIS lists), I think that would go a long 
> way towards pushing the issue forward. 
> 
>     -Gabe
> 
> [1] http://www.oasis-open.org/archives/chairs/200604/msg00013.html 
> [2] http://www.oasis-open.org/archives/chairs/200604/maillist.html 
> [3] http://www.oasis-open.org/archives/chairs/200605/maillist.html)
> [4] http://www.oasis-open.org/archives/chairs/200605/msg00018.html 
> 
> > -----Original Message-----
> > From: Drummond Reed [mailto:drummond.reed@cordance.net] 
> > Sent: Tuesday, June 20, 2006 9:55 AM
> > To: dims@apache.org; general@incubator.apache.org
> > Cc: Wachob, Gabe; 'Peter Davis'; 'Graves, Michael'
> > Subject: RE: [PROPOSAL] Heraldry Identity Project
> > 
> > Dims,
> > 
> > I am very familiar with the SAML and OpenSAML problems; on 
> > this message I'm
> > cc'ing Peter Davis of NeuStar who has been helping to try to 
> > overcome those
> > for several years (with some recent progress).
> > 
> > Thankfully Peter and Gabe and others who were founding 
> > members of the XRI TC
> > said, "No way we're going down that road -- any and all XRI 
> > specs will be
> > 100% royalty-free and open source-compatible, i.e., not require any
> > licensing".
> > 
> > We have stayed true to that. Although XRI Resolution 2.0 does 
> > offer both
> > HTTPS-based resolution and SAML 2.0 signed assertions as 
> > trust options, both
> > are OPTIONAL and not in any way required.
> > 
> > So I can provide you with a very strong assurance on behalf 
> > of the OASIS XRI
> > TC members that the XRI specifications and any code that 
> > implements them
> > will meet the Apache IPR requirements.
> > 
> > My co-chair Gabe Wachob and I have been one of a set of OASIS 
> > TC chairs that
> > have been arguing hard for OASIS to adopt a more explicit 
> "open source
> > compatible" IPR mode, and we would be happy to work with you 
> > and ASF to
> > continue to champion it. But at the same time we don't want 
> > that to slow
> > down any existing OASIS work such as XRI and XDI which has 
> > always been 100%
> > committed to open, royalty-free, open-source compatible specs.
> > 
> > In other words, we don't want our TC's penalized for the sins 
> > of other large
> > OASIS members who may not be as supportive of open source.
> > 
> > Please let us know how else we can assist this effort.
> > 
> > =Drummond (http://xri.net/=drummond.reed)   
> > 
> > -----Original Message-----
> > From: Davanum Srinivas [mailto:davanum@gmail.com] 
> > Sent: Tuesday, June 20, 2006 6:26 AM
> > To: general@incubator.apache.org
> > Cc: Drummond Reed; gwachob@visa.com
> > Subject: Re: [PROPOSAL] Heraldry Identity Project
> > 
> > Drummond,
> > 
> > Here's some background history of things that we have faced.
> > 
> > OpenSAML folks were interested in making OpenSAML an  
> Apache project.
> > So we did a bit of research and realized that RSA Security 
> has put up
> > a page asking folks to sign a patent licensing aggrement [1]. AFAIK,
> > SAML is also under "open, public, and royalty-free". Apache 
> could even
> > sign something with them, BUT for a clause that says that we have to
> > inform people who use our binaries to go talk to RSA 
> Security. For us,
> > this was not acceptable. So we ended up not incubating OpenSAML.
> > Please see the following threads for additional info [2]
> > 
> > We've also had a follow up interaction with MSFT and IBM legal teams
> > on OASIS WS-Security when we started TSIK incubation. FWIW, Verisign
> > has an aggrement that they give out to people BUT not which is not
> > public. MSFT and IBM ended up saying that they don't have 
> any patents
> > that affect WS-Security and Versign was covered using CCLA and
> > Software Grant.
> > 
> > For us here, we want to make sure that *anyone* can 
> download our stuff
> > and use it in whichever fashion they want to. Both code and 
> binaries.
> > Right now OASIS does not have a mechanism to make that happen
> > (Verisign has a non-public agreement for WS-Security, RSA 
> Security has
> > clauses that make it impossible for us to do a SAML impl). Both the
> > old legacy regime and the new IPR regime in OASIS have holes IMHO.
> > 
> > How can we prevent these kinds of situation from happening?
> > 
> > thanks,
> > dims
> > 
> > [1] http://www.rsasecurity.com/node.asp?id=2530
> > [2] 
> > http://marc.theaimsgroup.com/?l=incubator-general&w=2&r=1&s=Op
> > enSAML&q=b
> > 
> > On 6/20/06, Recordon, David <drecordon@verisign.com> wrote:
> > > This has obviously been something we've been looking at in 
> > order to do
> > > our own due diligence on XRI IPR before being willing to 
> > contribute the
> > > Yadis spec to be incorporated into XRI Resolution 2.0.  
> > Drummond Reed
> > > sent me the following email further explaining this issue 
> > and asked me
> > > to forward it along to the list for him since he had not 
> > yet subscribed.
> > >
> > > David,
> > > As we discussed with you in drafting the proposal, all 
> > members of the
> > > OASIS XRI TC are fully prepared to sign the CCLA and any necessary
> > > software grants required by the ASF. In fact the OASIS XRI 
> > TC is one of
> > > the few OASIS TCs to have written the requirement into its 
> > charter for
> > > its specifications to be 100% open, public, and 
> > royalty-free. Following
> > > is the exact language from the XRI TC charter at
> > > http://www.oasis-open.org/committees/xri/charter.php.
> > >
> > > > In no event shall this Technical Committee finalize or 
> approve any
> > > technical
> > > > specification if it believes that the use, distribution, or
> > > implementation of
> > > > such specification would necessarily require the unauthorized
> > > infringement of
> > > > any third party rights known to the Technical 
> Committee, and such
> > > third party
> > > > has not agreed to provide necessary license rights on perpetual,
> > > royalty-free,
> > > > non-discriminatory terms.
> > >
> > > As you know, I was personally involved not just in creating 
> > the patents
> > > involved, but in subsequently seeing that they were 
> contributed to a
> > > non-profit public trust organization, XDI.org, so that they 
> > could become
> > > open, public, royalty-free standards. Complete details of the
> > > contribution from XDI.org to the OASIS XRI TC are on the TC 
> > IPR page at:
> > > http://www.oasis-open.org/committees/xri/ipr.php The TC 
> has already
> > > spawned one open source project (www.openxri.org) that uses 
> > the Apache
> > > license (and whose code is already incorporated into other 
> > open source
> > > projects).
> > >
> > > I am copying my XRI TC co-chair, Gabe Wachob of Visa 
> > International, who
> > > can further attest to the depth of our commitment that the 
> > XRI standards
> > > would be 100% free and open and compatible with all open source
> > > implementations.
> > >
> > > Best,
> > > =Drummond
> > >
> > > -----Original Message-----
> > > From: Roy T. Fielding [mailto:fielding@gbiv.com]
> > > Sent: Monday, June 19, 2006 5:19 PM
> > > To: general@incubator.apache.org
> > > Subject: Re: [PROPOSAL] Heraldry Identity Project
> > >
> > > This space in OASIS is a festering pile of claimed patents.
> > > Are all of the companies involved willing to sign the CCLA 
> > and software
> > > grants necessary to assure distribution under the Apache License?
> > >
> > > ....Roy
> > >
> > > 
> > 
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> > > For additional commands, e-mail: general-help@incubator.apache.org
> > >
> > >
> > >
> > > 
> > 
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> > > For additional commands, e-mail: general-help@incubator.apache.org
> > >
> > >
> > 
> > 
> > -- 
> > Davanum Srinivas : http://wso2.com/blogs/
> > 
> > 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message