www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeffrey Thompson <jt...@us.ibm.com>
Subject Re: IBM's license for WS-Security - Take #2
Date Mon, 27 Jun 2005 15:27:37 GMT
Davanum Srinivas <davanum@gmail.com> wrote on 06/26/2005 08:28:08 AM:

> Jeff,
> Did you miss replying to this email? (or did i lose it in my spam 
> thanks,
> dims

     You didn't miss the reply.  I didn't reply as we were already 
exploring the basic issues on the other thread.

     For completeness, I'll include comments below, however, as you might 
be able to imagine, there isn't much interest in redrafting the details of 
a patent license that was published 3 years ago when there would be no 
practical effect to making changes.  Purely theoretical discussions are 
interesting, but when people's plates are already full, asking them to 
redo an agreement without a real reason isn't likely to be received well.

> On 6/23/05, Davanum Srinivas <davanum@gmail.com> wrote:
> > Jeff,
> > 
> > Here's the feedback on the IBM License (Sorry the U.S. Export clause
> > was only in the MSFT license and i wrongly copied it in the email i
> > sent to you).
> > 
> > thanks,
> > dims
> > 
> > ===============================================================
> > Some brief comments on the IBM license for WS-Security:
> > 
> > 1. The license would allow ASF to make, sell etc. only Licensed 
> > that are compliant with "all relevant portions of the Specification." 
> > are relevant portions? Is ASF willing to guarantee full compliance? 
> > 1.1 and 6.2.)

Yes, the code needs to be compliant with the Spec otherwise its not a 
licensed implementation of the spec.

> > 
> > 2. The license is nontransferrable. Under this license, ASF can't 
> > third parties to make Licensed Products, which is contrary to ASF's 
> > While the license purports to be sublicenseable, that sublicense 
> > only to "Subsidiaries," which is irrelevant to ASF's model or 
opensource in
> > general. (Section 1.3.)

ASF can't transfer the license or sublicense it to customers.  See our 
other discussion as to why that doesn't prevent Apache from creating and 
distributing implementations and why Apache's licensees are already 
covered for their use.

> > 
> > 3. ASF can't experiment with this patented technology unless it in 
> > afterwards executes this agreement. Prior infringment isn't excused
> > otherwise. So be careful until you decide to execute the agreement. 
> > 1.4)

If we had identified specific patents, I guess this could be an issue, but 
I'm not sure that it would have any practical effect.  If a patent holder 
sues someone for past patent infringement when there is a patent license 
available, the court is fairly limited on what it can award as damages. 
The royalty rate on the license (potentially trebled) is for all practical 
purposes the cap.  Since the license being offered is for $0, there would 
be no damages available to the patent holder for the past infringment.  So 
there is no reason for the patent holder to pursue anyone for past 
infringment.  In any event, its a valid observation about the license, 
which I don't think will have a practical impact on Apache, but I'll pass 
it on for the next time.

> > 
> > 4. The patent termination provision (section 2.2) is very broad and 
> > to any claim for patent infringement. Such provisions have been 
denounced by
> > several companies, and ASF changed its Apache 2.0 license in response 
> > such criticism. Now IBM is resurrecting it here.

IBM wants to discourage patent litigation.  I understand that different 
people have different opinions on how to best do that, but there is no 
requirement that Apache and IBM take exactly the same approach.  Remember, 
this patent license is orthogonal to the Apache license.

> > 
> > 5. For some reason, IBM has the right to publicise the agreement but 
> > other party doesn't. (Section 5.2.). This lack of balance of rights in 
> > licenses always troubles me. Furthermore, why that restriction?

Interesting observation.  I don't know the reason behind that, but I'll 
pass the issue on for the next time.

> > 
> > 6. The license requires formal execution. (Section 5.6.) That kind of
> > licensing friction doesn't work for open source downstream licensees 
> > intend to make, use, sell, etc., Licensed Products or derivative 

We've discussed this one.  Apache's licensees don't need to execute a 
license for their use of Apache's implementation.  Actual signatures by 
the few companies that are creating implementations isn't the lowest 
friction approach, but it isn't onerous either.  And as I mentioned 
before, covenants not to assert are being considered for future standards.

> > 
> > 7. This license doesn't include a copyright license to "implementation
> > examples." So be careful not to copy those examples when implementing 
> > Specification. (Section 6.1, final sentence.)

To pick a nit, the patent license doesn't include a copyright license at 
all, let alone a copyright license to the examples.  The purpose of that 
sentence is to make it clear that the specification really means the 
normative sections of the document, not examples, and not other stuff that 
doesn't describe what has to be done to comply with the spec. 
Theoretically, a example could include lots of stuff that isn't 
WS-Security and we want no confusion as to what is being licensed. 

However, I don't disagree with your conclusion.  From a lawyer's 
perspective, its better not to copy example code.  Read it.  Understand 
it.  Write your own code.

> > ===============================================================


Staff Counsel, IBM Corporation  (914)766-1757  (tie)8-826  (fax) -8160
(notes) jthom@ibmus  (internet) jthom@us.ibm.com (home) jeff@beff.net
(web) http://www.beff.net/ 

View raw message