[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [chairs] Patent license friction...
IMHO, having spent most of my life as a lawyer, the problem has yet another dimension that has not been touched upon by any of the posts which appear below. Just as words in a land grant claim define geographical boundaries, so patent claims define the scope of an invention's applicability. Columbus lands on an island in the Carribean, pokes a flag into the ground, and claims all of the uncharted area as belonging to Spain. That turns out to be the entire Western hemisphere. Patents are intentionally designed to do the same (or a similar) thing. Standards try to enable interoperability around common tasks, generally in particular industries. We have interchangeable light bulbs largely because the light bulb housings are standard. How can one determine when standardized ways of doing things will require people to do things that are governed by patent claims? The OASIS IPR further distinguishes between essential and non-essential claims. Applying that distinction in light of the foregoing requires a careful legal analysis of how important the claim is to the working of the standard. There can be no easy or simple answer in most situations. The foregoing is not legal advice and no attorney-client relationship is created. > -------- Original Message -------- > Subject: RE: [chairs] Patent license friction... > From: "David RR Webber (XML)" <david@drrw.info> > Date: Fri, April 28, 2006 6:39 am > To: "Philpott,Robert" <rphilpott@rsasecurity.com> > Cc: Chairs OASIS <chairs@lists.oasis-open.org>, "ext Wachob,Gabe" > <gwachob@visa.com>, Frederick Hirsch <frederick.hirsch@nokia.com> > > > Rob, > > Mea culpa - the RF piece is obviously the right solution - and I ommitted > that by assumption. > > Glad to hear you are working toward RF agreements with all the > stakeholders. > > Having an IPR that supports RF as the pre-supposition, along with > best-case avoidance - is also in line with what the OSI is seeking. > > I do see an important distinction here - and as you note - participants > in work need to understand the ground rules so that everyone can derive > the benefits of collaborating together and feel good about the products > developed. > > We can never fully guarantee against the risk of submarining from the PTO > - but as the W3C has shown on a number of occassions - having a body of > longstanding open public work is effective in countering PTO assignments. > > While the PTO continues to create a Alice in Wonderland world - we can at > least strive ourselves to have our own work operating in a more rational > and scientific basis. > > I believe the OSI has taken a strong stance - and that OASIS needs to > also support this. Right now we're in danger of endorsing the Alice in > Wonderland world and software development by patent lawyer funded by the > PTO. > > Patrick's comments - > http://news.zdnet.com/2100-9588_22-5585711.html?tag=nl.e589 and > > his response to my previous requests on this: > > http://lists.oasis-open.org/archives/chairs/200602/msg00043.html > > but there still appears to be a stand-off here and no actions designed to > bring this to successful closure - such as a joint press release from > OASIS and OSI on the resolution. Until then - this is still stuck in > limbo it seems.... > > > Thanks, DW > > > -------- Original Message -------- > Subject: RE: [chairs] Patent license friction... > From: "Philpott, Robert" <rphilpott@rsasecurity.com> > Date: Fri, April 28, 2006 9:00 am > To: "David RR Webber (XML)" <david@drrw.info>, "Frederick Hirsch" > <frederick.hirsch@nokia.com> > Cc: "Chairs OASIS" <chairs@lists.oasis-open.org>, "ext Wachob,Gabe" > <gwachob@visa.com>, "Philpott, Robert" <rphilpott@rsasecurity.com> > > > First, IANAL, but I’ve had to work with them a lot over the last > 4+ years re: IP issues on SAML… See my 2 cents below… > > Rob Philpott > Senior Consulting Engineer > RSA Security Inc. > Tel: 781-515-7115 > Mobile: 617-510-0893 > Fax: 781-515-7020 > Email: rphilpott@rsasecurity.com > I-name: =Rob.Philpott > > > From: David RR Webber (XML) [mailto:david@drrw.info] > Sent: Thursday, April 27, 2006 11:43 PM > To: Frederick Hirsch > Cc: Chairs OASIS; ext Wachob,Gabe > Subject: RE: [chairs] Patent license friction... > Gabe, > > Of course the other option is to have TC work that precludes patented > material. > [RSP] Sure, TC’s can (and probably should) always try to do this. > But try as you might, this sometimes just isn’t possible. And none > of us can forget that no matter what IPR policies OASIS makes available > and a TC adopts, there can very well be firms that aren’t OASIS > members and aren’t participating in a TC’s work that might > holds patents applicable to the TC’s work. Even after the standard > is approved and implemented, someone can come forward and try to claim > patent infringement. It’s difficult to design around patents you > don’t know about. > I still do not see any IPR policy that specifically supports that option > - other than the legacy policy. > [RSP] My point is that I’m not sure something like this can be > satisfactorily codified in an official policy option. Sure, you might > say that the TC MUST NOT include any known patented technology, but this > seems VERY risky to me and I don’t think I’d waste my time on > such a TC. Your TC could go all the way through the development of your > standard and go thru your public review only to then find as a result of > the public review that someone holds some related IP. What in the world > would you do then? You’re now in violation of your TC’s IPR > policy and have to either start over to work around the IP or just give > up. Seems like a waste of time to me if you could just get the IP > holders to offer the IP on an RF basis. > To my knowledge the BOD - despite Patricks assertions that OASIS would - > still has made no effort to accommodate the OSI concerns in this regard > nor arranged any conference calls or interactions with OSI to move toward > having OASIS TC work able to comply to OSI licensing needs. [RSP] I do > think these concerns should be specifically addressed (if they > haven’t already – but I don’t recall seeing any > announcement). > > For the life of me I cannot see anything in SAML that anyone could > legitimately claim to have a patented invention around. But then again > people have patents on the menu key sequence for bank ATMs - clearly a > ground breaking invention - key pad sequences. Would be interesting to > know exactly what about SAML is using such a unique mechanism that it is > a patented system? > [RSP] “Legitimacy” is defined through the patent office (US > and others) and by the courts if necessary; not by individuals like you, > me, or other technologists participating in the TC’s. Fairly late > in the SAML 1.0 TC’s work, RSA’s chief scientist came to me > and said he firmly believed that 2 patents we held were directly > applicable to a specific mechanism being used by SAML for web SSO. I had > not known about the patents and it wasn’t intuitively obvious to me > at first, but he made a very strong case and convinced me of their > applicability. I was then obligated to bring it to the TC’s > attention. If the SSTC had a policy of not including any > “known” patented IP, the SSTC would have been forced to stop > its work, analyze the IP, and figure out if it was possible to design > around it. Even IF there are those that didn’t believe the patents > were relevant, it would take a court case to decide that should RSA > continue to insist that they did. SAML 1.0 could have been delayed > perhaps by years since it would have meant fighting the battle against > the claims or redesigning SAML to work around them. Instead, RSA > “donated” the IP on an RF basis in order to promote the > standard’s acceptability to the industry. Later, during SAML > 2.0’s development, we incorporated technology contributed by > members of the Liberty Alliance which brought some additional IP into > play that was claimed by other companies. All of the companies involved > then offered the IP on an RF basis. > Assuming the patent may fall under the not-really-an-invention-at-all > category - hopefully the SAML TC can re-factor their work so that it does > not rely on any dubious or questionable patents in the first place... > [RSP] That is just NOT going to happen. It is irrelevant whether > everyone might think a patent claim is dubious or has questionable > applicability. Redesigning around the IP would be difficult and > time-consuming. IMO, the best solution to this is to work with any > companies that believe they hold applicable IP to get them to license > that IP on an RF basis. The OASIS IPR policy makes it explicit up front, > and IMO, goes a long way toward helping to solve this issue. Is it > perfect? Obviously not (as indicated by the OSI issue), but it > represents the will of the general OASIS community at the time it was > adopted. W.r.t. SAML, all the companies involved have offered the IP > on an RF basis. IMO, the REAL issue in all of this is the type of > license that those companies require adopters of the standard to accept > in order to obtain that RF use of the IP. For the RSA patents we declared > durin SAML 1.0, we required implementers to download, sign and mail back a > license (this was a fairly typical approach at the time). More recently, > companies with IP affecting open standards have been using a > “defensive suspension” provision for licensing whereby you > are granted rights by the IP holder without having to sign anything, but > the rights are revoked if you ever try to claim patent infringement > against that IP holder. Specifically w.r.t. SAML 2.0, AOL offered this > type of licensing. Fidelity “meant” their license to work > the same way, but it turns out the legal language was ambiguous. We have > been working to attempt to get this fixed. RSA just kept their same > approach that was in place from SAML 1.x, but we also have been working > to change our license to a defensive suspension provision as well (stay > tuned). > DW > -------- Original Message -------- > Subject: Re: [chairs] Patent license friction... > From: Frederick Hirsch <frederick.hirsch@nokia.com> > Date: Thu, April 27, 2006 5:51 pm > To: "ext Wachob, Gabe" <gwachob@visa.com> > Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, "Chairs OASIS" > <chairs@lists.oasis-open.org> > > Gabe > > I believe the SSTC is operating under the legacy IPR policy. TCs > under the current (new) policies incur much clearer and well- > understood obligations, which should go a long way toward reducing > friction and confusion. > > In general I believe the reason law tends to be difficult is that it > is difficult to clearly state in language precise rules where the > concerns of various parties are met. The new OASIS policy attempts to > do this as clearly as possible, specifying the "features" of the > license that may be used in the different IPR modes, providing more > clarity on the licenses that may be obtained. > > However, within the scope of the OASIS policy it is the right of a > patent holder to write their license. Likewise it is not unreasonable > to have more than one means of obtaining a license from a patent > holder, although it may be in everyone's interest to make it easier. > > In the specific example, I would take the "would" to indicate that a > license will be granted if and when needed, which seems reasonable. > I'd recommend consult your attorney for advice if you haven't already > done so. > > However, I believe the current IPR policy is a big step forward > toward clarity. However, as you note, it is realistic to expect to > contact patent holders for licenses as needed. > > Thanks > > regards, Frederick > > Frederick Hirsch > Nokia > > [1] http://www.oasis-open.org/who/intellectualproperty.php > > On Apr 27, 2006, at 4:59 PM, ext Wachob, Gabe wrote: > > > This is a real basic questions that has been nagging at me for > > quite a while. > > > > Lets say I want to use a OASIS specification (lets take SAML 2.0 - > > I'm not picking on them - but it makes a good illustration). I note > > that there are various IPR disclosures at http://www.oasis-open.org/ > > committees/security/ipr.php - and some of these disclosures state > > that the patent owners *will* license their Patents for the purpose > > of SAML. Some express covenants not to assert claims. Some point to > > blanket licenses on web sites. > > > > If I were a lawyer I would find this situation a) confusing, b) > > scattered and c) potentially dangerous. For example, on that page, > > Fidelty states that it "would grant to any other person or legal > > entity a royalty-free, nonexclusive, nontransferable, license under > > Fidelity's NECESSARY CLAIMS to implement the SAML v2.0 OASIS > > Standard, and sell, promote or otherwise distribute the resulting > > implementation. " > > > > Note the word "would". I don't see that Fidelty actually *has* > > granted a license. Thus, while they would now have a hard time > > enforcing the patent (given theories of estoppel, etc), I don't > > believe that Fidelty actually *has* granted a license. It appears > > that I have to go to Fidelty and get a license if I wish to use > > SAML. (Not picking on Fidelity - they are just first on the list of > > disclosers). > > > > Are people aware of this? Do users of SAML specifications actually > > know that they apparently aren't actually licensed to use the > > patents that Fidelity believes it has? Doesn't this (or rather, if > > lawyers were paying attention, *shouldn't* this) be a concern? I > > realize this TC operated under the legacy IPR policy - I wonder how > > that affects things. > > > > If a implementer/user of SAML were to actually be careful with > > their use of the SAML specs, they'd actually have to contact > > Fidelity to execute the license. I think this should be > > highlighted! If a contributor wants to contribute, and they don't > > offer a covenant or other blanket license (or a URL to a blanket > > license, etc), this potentially increases the friction for adoption. > > > > In an ideal world, there'd be one patent license that every patent- > > holder contributor would agree to -- I'm not naive to believe that > > would happen (or that OASIS could force that to happen), but I do > > believe in notice. Only as a persistent person who actually read > > the entire IPR disclosure page did I notice that to use SAML 2 I > > have to somehow negotiate a license with Fidelity.. Most people > > aren't going to do this and will be blissfully ignorant. > > > > I think as a practical matter, most patent holders who are > > contributing to OASIS specs don't really want to deal with > > individual licensing -- but OASIS IPR policy doesn't really push or > > guide patent holders to put up blanket unilateral licenses -- its > > up to each IPR holder to license (or covenant) in what ever way > > they want. > > > > THE PROPOSAL: > > I think, in short, that OASIS should guide patent holders towards > > the lowest friction licenses possible by suggesting (not forcing) > > patent holders to use a standardized license (or at least suggest > > that patent holders post a "click-through" or unilateral license). > > > > -Gabe > > > > P.S. If I'm wrong about any of the facts, please let me know ... I > > could have easily missed something. > > __________________________________________________ > > gwachob@visa.com > > Chief Systems Architect > > Technical Innovation and Standards Management > > Visa International > > Phone: +1.650.432.3696 Fax: +1.650.554.6817 > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]