RE: [wss] Re: WSS IPR Statement?

[William Z Pope <zpope@pobox.com>]

Hi all,
Has there been a reply to this?  Some of the issues raised here have
consequences for those who want to include WS-Security in products
as well as for anyone providing a free toolkit.  The mechanics of
this don't look too good from my current understanding.

If we buy an implementation for inclusion with our product do we have
to negotiate a seperate license agreement?

Do our customers have to get a license too?

I would be happy to hear what is intended and then let various
lawyers work out how to say it.

Thanks,
=bill

-----Original Message-----
From: Frank Siebenlist [mailto:franks@mcs.anl.gov]
Sent: Thursday, November 14, 2002 1:41 PM
To: wss@lists.oasis-open.org
Subject: [wss] Re: WSS IPR Statement?


Ok, I'll assume for now that the currently published WSS IPR statement is
the valid one - it was probably wishful thinking on my
part that someone would replace it with an new, easier to read one ;-)

There was some dicussion in the first f2f meeting about the IPR issues that
made me believe that the WSS spec and anything that
would be based on it, would be made available on a RF basis by the
submitting companies.
When I read the IPR statement at
"http://www.oasis-open.org/committees/wss/documents/ipr_statement.shtml";, it
wasn't completely
clear to me how that all would work. After receiveing some additional
comments and questions from our legal counsel, I was hoping to
get some clarification about the terms and conditions of the license under
which this spec and derived technologies, are made
available to the community.

For reference, the two relevant paragraphs from the WSS IPR statement are:

----
1. Each Author grants permission to OASIS and OASIS members the right to
copy, display, perform, modify and distribute the Web
Services Security ("WS-Security") draft specification and to authorize
others to do the foregoing, in any medium without fee or
royalty, for the purpose of further developing the WS-Security specification
in the WSSTC as set forth in the draft WSS TC charter.

2. Each Author commits to grant a non sub-licenseable, non-transferable
license to third parties, under royalty-free and other
reasonable and non-discriminatory terms and conditions, to certain of their
respective patent claims that such Author deems
necessary to implement required portokions of the WS-Security specification,
provided a reciprocal license is granted.
----


What follows is a list of observations and questions concerning the
statement:


a/ As stated in (1.), the royalty free license seems only for the purpose of
development, not
implementation, of WS-Security specifications, and is granted only to OASIS
members.

The WSS-IPR statement is "...In addition to the rights and representations
provided for in the OASIS Policy on Intellectual Property
Rights...".

Could you please clarify what the above statement (1.) adds to the OASIS
one?


b/ This statement grants a non sub-licenseble, non-transferable license to
third parties.

The organization that I work for is developing a toolkit based on the
WS-Security specification. We make this toolkit available to
anyone as free (as in beer), open source software under a BSD-like license.
Do the terms "non sub-licenseble, non-transferable" mean, that other
academic and commercial parties will be unable to build their
applications and product on top of our toolkit under the same RF conditions?
If so, what is the process to allow these third parties to do so?


c/ The statement reads: "...under royalty-free and other reasonable and
non-discriminatory terms and conditions..."

What are these additonal RAND terms and conditions?


d/ "Each Author commits to grant...license to third parties...provided a
reciprocal license is granted."

If a third party doesn't have any IP claims in this area, do they still need
to provide a reciprocal license?
If so, what is the process to obtain such a license from the Authors, and
what are the terms and conditions associated with such a
license?


e/ The license is granted "...to certain of their respective patent claims
that such Author deems necessary to implement..." , but
there doesn't seem to be any objective criteria for what is necessary.

Could the submitters clarify this statement?


f/ We assume that the ws-security profile specifications (kerberos,
username/password, X.509) are part of the WS-Security spec and
therefor covered by this IPR statement.

This does not include any additional profiles that the community may want to
develop and deploy, which would imply that additionally
defined profiles may not be made available under the same terms and
conditions.

The IP issues surrounding subsequent profiles is something we fear as more
and more standards, like WS-Security are drafted as
"frameworks", which by themselves are not very useful to guarantee
interoperability without the profile definitions.

Could this be a reason to extend the charter to include more profiles such
that the community doesn't have to deal with the
subsequent associated IPR issues?

Do the submitters currently have plans to publish such additional profiles
under different and non-RF terms and conditions?


g/ It's not clear if the OASIS Board of Directors has been formally notified
of claimed patent rights.

Could you please clarify.


h/ We assumed that "portokions" is a typo for "portions".

... but with that legal lingo, one can never be sure...


i/ The signators of the IPR statement make no representation that they have
the authority to
grant such rights.

Are they empowered to do so by IBM, Microsoft and VeriSign?
(nothing personal ... just a question from our lawyer)


That's all for now.

Thanks, Frank.




Frank Siebenlist wrote:

> Before asking any further questions, I just wanted to confirm that the
> IPR statement at:
>
> "http://www.oasis-open.org/committees/wss/documents/ipr_statement.shtml";
>
> is the correct and most recent one concerning the WS-Security specs.
>
> (I remember there were some discussions about it at the first meeting...)
>
>
> Thanks, Frank.
>
>

--
Frank Siebenlist              franks@mcs.anl.gov
The Globus Project - Argonne National Laboratory


----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>