www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeffrey Thompson <jt...@us.ibm.com>
Subject Re: IBM's license for WS-Security - Take #2
Date Tue, 28 Jun 2005 19:32:16 GMT
Niclas Hedhman <niclas@apache.org> wrote on 06/28/2005 03:50:42 AM:

> On Monday 27 June 2005 23:27, Jeffrey Thompson wrote:
> > ASF can't transfer the license or sublicense it to customers.  See our
> > other discussion as to why that doesn't prevent Apache from creating 
> > distributing implementations and why Apache's licensees are already 
> > for their use.
> Sorry for being very dense and a total idiot at times...
> I think the question to ask is; 
> At the end of the day, can anyone take WS-Security and do an arbitrarily 
> of changes (compliant or not) to the codebase and distribute it to 
> else, for-free or for-profit, in accordance with the ALv2 license 
attached to 
> WS-Security, without executing any agreement with ASF, IBM or other 

The way that you asked that question, the answer will have to be "of 
course not".  Apache cannot ensure that its licensees will never need any 
additional IP rights, some of which may require executed agreements. 
Apache's then current WS-Security implementation might initially infringe 
some patent by some currently unknown patent holder.  If he shows up next 
year and asks for a license agreement, Apache can't do anything about that 
(at least right now). 

Also, your licensee might make changes that cause the code to infringe 
other patents or copyrights.  Apache isn't responsible for those rights 

If your goal is to ensure that your licensees have all necessary patent 
and copyright rights to create whatever derivative works they want from 
Apache's source code, you are bound to fail.  That is an impossible task.

As I mentioned before, Apache cannot force all patent licenses to be 
exactly congruent to the Apache license.  Patents and copyright focus on 
different aspects of IP, so their licenses necessary focus on different 
things.  Its best to think of the patent commitments that are being made 
to specifications, standards, and the like as being orthognal to the 
Apache source license.  The patent commitment applies to all 
implementations, not just Apache's, and is limited to actual 
implementations of the spec/standard/whatever.  If there is a necessary 
patent, all Apache can do is make sure that it is licensed so that those 
that use Apache's implementation are covered.

> If the answer is not "Yes, of course.", then I think there is a problem 
> ASF to proceed on this track. If the issue is only that the 
> can not claim "compliance", then I think it is less of a concern.

As far as I know, no one is debating the rules under which implementations 
are permitted to claim "compliance" with WS-Security.  OASIS doesn't do 
that.  They publish the specs, they don't police implementations.

In the end, Apache should be very careful not to set a standard that 
cannot be met.  If Apache will not implement a specification unless all 
owners of all copyrights and patents which could be infringed by all 
possible derivative works provide licenses which are unrestricted, then 
the list of specifications that Apache would be able to implement would be 
quite short.  All WS* specs would be off the list, as well as all specs 
published by W3C, OASIS, ECMA, and ANSI and don't even think about 
implementing anything related to Java or .NET. 

> Cheers
> Niclas


Staff Counsel, IBM Corporation  (914)766-1757  (tie)8-826  (fax) -8160
(notes) jthom@ibmus  (internet) jthom@us.ibm.com (home) jeff@beff.net
(web) http://www.beff.net/ 

View raw message