www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Davanum Srinivas <dava...@gmail.com>
Subject Re: IBM's license for WS-Security - Take #2
Date Mon, 27 Jun 2005 15:56:30 GMT
Thanks Jeff. I do understand the "there isn't much interest in
redrafting the details of a patent license that was published 3 years
ago when there would be no practical effect to making changes.". BUT
the problem is a few ASF members (including a Board member) have told
us that we can't push out a release for WSS4J (OR) get code from
Verisign for TSIK incubation if we don't get licenses from MSFT/IBM.
So i have no idea what to do....Please advise.

Let's look at it from another angle, do *you* think there are any
problems with Apache signing the IBM License for WS-Security as-is?

thanks,
dims

On 6/27/05, Jeffrey Thompson <jthom@us.ibm.com> wrote:
>  
> Davanum Srinivas <davanum@gmail.com> wrote on 06/26/2005 08:28:08 AM:
>  
>  > Jeff,
>  > 
>  > Did you miss replying to this email? (or did i lose it in my spam
> bucket?)
>  > 
>  > thanks,
>  > dims
>  
> Dims 
>      You didn't miss the reply.  I didn't reply as we were already exploring
> the basic issues on the other thread.
>  
>      For completeness, I'll include comments below, however, as you might be
> able to imagine, there isn't much interest in redrafting the details of a
> patent license that was published 3 years ago when there would be no
> practical effect to making changes.  Purely theoretical discussions are
> interesting, but when people's plates are already full, asking them to redo
> an agreement without a real reason isn't likely to be received well.
>  
> > 
>  > On 6/23/05, Davanum Srinivas <davanum@gmail.com> wrote:
>  > > Jeff,
>  > > 
>  > > Here's the feedback on the IBM License (Sorry the U.S. Export clause
>  > > was only in the MSFT license and i wrongly copied it in the email i
>  > > sent to you).
>  > > 
>  > > thanks,
>  > > dims
>  > > 
>  > >
> ===============================================================
>  > > Some brief comments on the IBM license for WS-Security:
>  > > 
>  > > 1. The license would allow ASF to make, sell etc. only Licensed
> Products
>  > > that are compliant with "all relevant portions of the Specification."
> What
>  > > are relevant portions? Is ASF willing to guarantee full compliance?
> (Section
>  > > 1.1 and 6.2.)
>  
> Yes, the code needs to be compliant with the Spec otherwise its not a
> licensed implementation of the spec. 
>  
> > > 
>  > > 2. The license is nontransferrable. Under this license, ASF can't allow
>  > > third parties to make Licensed Products, which is contrary to ASF's
> license.
>  > > While the license purports to be sublicenseable, that sublicense
> extends
>  > > only to "Subsidiaries," which is irrelevant to ASF's model or
> opensource in
>  > > general. (Section 1.3.)
>  
> ASF can't transfer the license or sublicense it to customers.  See our other
> discussion as to why that doesn't prevent Apache from creating and
> distributing implementations and why Apache's licensees are already covered
> for their use. 
>  
> > > 
>  > > 3. ASF can't experiment with this patented technology unless it in fact
>  > > afterwards executes this agreement. Prior infringment isn't excused
>  > > otherwise. So be careful until you decide to execute the agreement.
> (Section
>  > > 1.4)
>  
> If we had identified specific patents, I guess this could be an issue, but
> I'm not sure that it would have any practical effect.  If a patent holder
> sues someone for past patent infringement when there is a patent license
> available, the court is fairly limited on what it can award as damages.  The
> royalty rate on the license (potentially trebled) is for all practical
> purposes the cap.  Since the license being offered is for $0, there would be
> no damages available to the patent holder for the past infringment.  So
> there is no reason for the patent holder to pursue anyone for past
> infringment.  In any event, its a valid observation about the license, which
> I don't think will have a practical impact on Apache, but I'll pass it on
> for the next time. 
>  
> > > 
>  > > 4. The patent termination provision (section 2.2) is very broad and
> applies
>  > > to any claim for patent infringement. Such provisions have been
> denounced by
>  > > several companies, and ASF changed its Apache 2.0 license in response
> to
>  > > such criticism. Now IBM is resurrecting it here.
>  
> IBM wants to discourage patent litigation.  I understand that different
> people have different opinions on how to best do that, but there is no
> requirement that Apache and IBM take exactly the same approach.  Remember,
> this patent license is orthogonal to the Apache license. 
>  
> > > 
>  > > 5. For some reason, IBM has the right to publicise the agreement but
> the
>  > > other party doesn't. (Section 5.2.). This lack of balance of rights in
> IBM's
>  > > licenses always troubles me. Furthermore, why that restriction? 
>  
> Interesting observation.  I don't know the reason behind that, but I'll pass
> the issue on for the next time. 
> 
>  > > 
>  > > 6. The license requires formal execution. (Section 5.6.) That kind of
>  > > licensing friction doesn't work for open source downstream licensees
> who
>  > > intend to make, use, sell, etc., Licensed Products or derivative works.
>  
> We've discussed this one.  Apache's licensees don't need to execute a
> license for their use of Apache's implementation.  Actual signatures by the
> few companies that are creating implementations isn't the lowest friction
> approach, but it isn't onerous either.  And as I mentioned before, covenants
> not to assert are being considered for future standards. 
>  
> > > 
>  > > 7. This license doesn't include a copyright license to "implementation
>  > > examples." So be careful not to copy those examples when implementing
> the
>  > > Specification. (Section 6.1, final sentence.)
>  
> To pick a nit, the patent license doesn't include a copyright license at
> all, let alone a copyright license to the examples.  The purpose of that
> sentence is to make it clear that the specification really means the
> normative sections of the document, not examples, and not other stuff that
> doesn't describe what has to be done to comply with the spec. 
> Theoretically, a example could include lots of stuff that isn't WS-Security
> and we want no confusion as to what is being licensed.   
>  
> However, I don't disagree with your conclusion.  From a lawyer's
> perspective, its better not to copy example code.  Read it.  Understand it. 
> Write your own code. 
>  
> > >
> ===============================================================
>  
> Jeff 
>  
> Staff Counsel, IBM Corporation  (914)766-1757  (tie)8-826  (fax) -8160
>  (notes) jthom@ibmus  (internet) jthom@us.ibm.com (home) jeff@beff.net
>  (web) http://www.beff.net/ 
>  


-- 
Davanum Srinivas -http://blogs.cocoondev.org/dims/

---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only, are not privileged and do not constitute legal advice.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message