www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeffrey Thompson <jt...@us.ibm.com>
Subject Re: IBM and WS-Security
Date Fri, 24 Jun 2005 18:43:12 GMT
"William A. Rowe, Jr." <wrowe@rowe-clan.net> wrote on 06/24/2005 12:19:32 

> At 10:21 AM 6/24/2005, Ben Laurie wrote:
> >William A. Rowe, Jr. wrote:
> >2. Each Author commits to grant a non sub-licensable, non-transferable
> >>license to third parties, under royalty-free and other reasonable 
> and non-discriminatory terms and conditions, to certain of their 
> respective patent claims that such Author deems necessary to 
> implement required portions of the WS-Security specification, 
> provided a reciprocal license is granted. 
> >
> >Because it doesn't say what hoops you have to jump through to 
> obtain that licence (the requirement we have being, essentially, 
> that there should be no hoops for the end user).
> Exactly.  Which is why I ask, if grant of license is offered
> to the author, are the users of that author's work covered by
> the grant?

Most every patent grant that I've ever seen is non-transferrable and 
non-sublicensable.  As I mentioned before, the concept of patent 
exhaustion would cover distributors and users of a licensee's product.  I 
don't see an exposure on that point for Apache.  Maybe we should involve 
Robyn in this discussion to make sure that we understand all of Apache's 

> And also why RSA's license-by-fax-in-duplicate is barely
> acceptable, if at all, at the ASF, if that license doesn't then
> cover all users.
> If there are extra burdens noted in NOTICE for derivative works,
> making developers lives harder, I'd be hesitant to graduate such
> a project.  But if there are extra burdens on every user or those
> redistributing the ASF's work, that's unacceptable.

Regarding the extra burden on Apache for getting a patent license, I 
understand the issue.  I would hope that patent holders in general would 
try to make it as painless as possible.  The patent non-assert that IBM 
did a few months ago was one way that we thought would reduce the burden 
and (as Geir mentioned) it has its proponents inside IBM as a general 
policy.  There are downsides to the non-assert approach which we could get 
into in more depth if people are really interested, but it certainly is a 
way to make things less cumbersome.

In any event, the least cumbersome is to not actually go thru the process 
of obtaining an offered license.  There are many reasons why someone might 
not want to execute the license -- the licensor might not have actually 
identified any necessary patent claims (as in the case of IBM with 
WS-Security); or the licensor might have said that there are unidentified 
"patent applications which if they issue as currently drafted . . . . ", 
which is almost the same thing; or the identified patents might be 
obviously invalid; etc.  Just because a license is offered, it doesn't 
mean that Apache needs to execute it.

That brings up why a company might offer a license even though they 
haven't identified any necessary patent claims.  The most likely reason is 
that they want implementors to be comfortable that if any necessary claims 
were to be discovered, that they would be available on acceptable terms. 
Unless the company actually offers the license, it could be accused if 
sitting back waiting to pounce on any implementors. 

> E.g. if 'implementation' license grants don't extend to users 
> and redistribution, without additional effort, then every 
> organization offering us proxy servers for our distribution 
> tree could be violators of those patents.
> Bill

Something that was said in one of the other notes in this string that I 
would STRONGLY agree with.  If Apache becomes aware of an issued patent 
that apparently actually does read on Apache's code, I would hope that 
Apache would do one of 3 things:  change the code to avoid the patent, get 
a license, or cease distribution.  I'm sure that Apache's lawyers would be 
deeply involved in that decision, but I wouldn't want to see Apache just 
ignore it.


Staff Counsel, IBM Corporation  (914)766-1757  (tie)8-826  (fax) -8160
(notes) jthom@ibmus  (internet) jthom@us.ibm.com (home) jeff@beff.net
(web) http://www.beff.net/ 

View raw message