[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Liberty IPR Issues (was: Liberty ID-FF 1. 2 submission to the SSTC)
Folks - Preface to my comments: IANAL- and sorry this is long-winded... Tony sent out the pointer to the WSS IPR page, but I think he should have referred to item 2 on that page instead of item 1 when discussing implementation. As a couple of folks have pointed out, item 1 in the WSS IP declaration refers only to permission for the WSSTC to create derivative works from WS-Security without copyright issues. So far, (I believe) this is the only part that SSTC has in place for ID-FF... i.e. the rights for the TC to create a derivative work from the Liberty ID-FF specs. I don't feel we have any problem here (although Tony may still disagree). Now... Item 2 in the WSS IP declaration states: "2. Each Author commits to grant a non sub-licenseable, non-transferable license to third parties, under royalty-free and other reasonable and non-discriminatory terms and conditions, to certain of their respective patent claims that such Author deems necessary to implement required portokions of the WS-Security specification, provided a reciprocal license is granted." This promises that the "authors" of the original WSS spec that was contributed to WSSTC will grant RF-reciprocal license rights to anyone implementing the OASIS TC spec for any IP claims ***that the Authors have*** that are needed to implement the specs. Note that this DOES NOT MEAN that ALL companies that have IP claims needed to implement WSS are going to do this. It JUST applies to the authors of the original WSS spec that was contributed (or presumably the authors' respective companies - even though that's not really what it says). Other companies MAY have IP needed to implement WSS that they don't want to offer RF-reciprocal. When those are known, implementers will need to obtain licensing on whatever terms the claim holders wish to use. So far, RSA has made a claim, although it is RF-reciprocal also. Are there others? Who knows? ContentGuard is the only other company that I know of that has made any statement to WSSTC regarding IP (and they claim they have none needed to "practice" what's in a specific version of the WSSTC's specs). So I think Tony's statements have been factually correct w.r.t. the Authors of the original WSS spec submission. But he can't claim that there won't be any IP issues for implementing WSS. Now w.r.t. to SSTC, the submitters of the ID-FF specs to SSTC have NOT made any statement regarding licensing to IP claims required to implement any derivative works we create. To be completely consistent with what happened for the original WSS spec contribution, the contributors of the ID-FF specs [Jason Rouault (HP), Jeff Hodges (Sun), Frederick Hirsch (Nokia), and myself (RSA)] would need to make a statement that we are willing to grant RF-reciprocal licensing to any IP claims needed to implement the SAML spec's that include ID-FF or derivative works of the ID-FF contribution. This does not mean that we would be claiming that ALL companies with IP are granting RF-reciprocal rights. "We" can't do that, of course (just like the original WSS authors can't do it in WSSTC). As one of the contributors of the ID-FF specs to SSTC, I am willing to make a statement that RSA will offer RF-reciprocal licensing for implementing SAML that includes derivative ID-FF content. If the other contributors also do this, then I believe we will have done exactly as was done in WSS. Again, this does NOT address any IP claims that other companies may have for implementing the derivative works. The known ones are listed on the Liberty site and have been mentioned in this email thread. If those companies' claims are going to be problematic for implementers of future SAML specs, then we (SSTC) will need to be careful about moving ahead and actually including that technology in the spec. Again - IANAL!, but that's my viewpoint on this matter. Rob Philpott RSA Security Inc. The Most Trusted Name in e-Security Tel: 781-515-7115 Mobile: 617-510-0893 Fax: 781-515-7020 mailto:rphilpott@rsasecurity.com > -----Original Message----- > From: Eve L. Maler [mailto:eve.maler@sun.com] > Sent: Wednesday, December 03, 2003 11:33 AM > To: Anthony Nadalin > Cc: security-services@lists.oasis-open.org > Subject: Re: [security-services] Liberty IPR Issues (was: Liberty ID-FF 1. > 2 submission to the SSTC) > > Anthony Nadalin wrote: > >>I did read the document. Please show the wording that you think > provides the derivative rights. > > > > Its pretty clear, in "Each Author grants permission to OASIS and OASIS > > members the right to copy, display, perform, modify and distribute the > Web > > Services Security ("WS-Security") draft specification and to authorize > > others to do the foregoing, in any medium without fee or royalty, for > the > > purpose of further developing the WS-Security specification in the WSSTC > as > > set forth in the draft WSS TC charter". I suggest you take this to your > IP > > folks or are you asking for derivative rights for what the WSS-TC > creates ? > > This has to do with copyright (the text of the specification as > submitted), not patent licensing. Are you saying that this is what has > not been secured in the case of the Liberty contributions? If so, I > don't think it's true: > > http://www.oasis-open.org/committees/security/ipr.php > "Our Liberty Alliance Agreements grant, with board approval, copyright > licenses needed to prepare derivative works, among other activities, as > required by the OASIS IPR Policy, section 3.1(1)." > > Eve > -- > Eve Maler +1 781 442 3190 > Sun Microsystems cell +1 781 354 9441 > Web Products, Technologies, and Standards eve.maler @ sun.com > > > To unsubscribe from this mailing list (and be removed from the roster of > the OASIS TC), go to http://www.oasis- > open.org/apps/org/workgroup/security-services/members/leave_workgroup.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]