[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Liberty IPR Issues (was: Liberty ID-FF 1.2submission to the SSTC)
On seeing Tony's original queries, I did some research with Liberty folks on the IPR situation. Conor has provided some information already in response to Hal's message; following is additional info that puts things into the OASIS context a bit more. Bill Smith of Liberty has agreed to be available for questions if we discuss this in today's call. The OASIS IPR policy[1] puts a priority on disclosure of the existence of intellectual property rights, with efforts made by OASIS to secure openly specified RAND terms where these have not already been offered. It should be noted that there is no requirement that such terms be offered or received. The Liberty contributions are fully in compliance with this policy. The Liberty Alliance IPR policy[2] goes considerably farther than OASIS's, requiring its members to grant licenses to Necessary Claims, with default licensing terms being Royalty Free. Members may withdraw from this default grant by filing a Necessary Claims Disclosure Notice (NCDN) and instead offer RAND terms. Five of the approximately 150 Liberty participants have chosen to file NCDNs[3][4][5][6][7], with three for issued patents and two for pending applications. RF terms have been specified in each case where a patent has been issued. RAND terms -- the minimum required -- have been specified in each case where a patent is pending (Catavault and Citigroup), though it is unclear whether those patents will ever issue or in what form they might issue (relevant claims might be refused). Confidentiality provisions prevent more detailed disclosure at this time. To summarize, approximately 148 Liberty members are committed to offer Royalty Free licenses to their Necessary Claims. Two participants have offered RAND licenses to Necessary Claims based on pending patents that may never issue. A total of five participants have issued NCDNs. Rather than placing an "unknown burden" on implementors, Liberty provides considerable assurance regarding licensing terms. Thus, the situation is much the same for the Liberty contributions as for SAML 1.0, which has a disclosure from RSA Security, Inc. (which indeed offers royalty-free licensing terms[8] despite any assertions to the contrary). For that matter, the contributions are very much in the same situation as other OASIS technologies such as XACML, where a disclosure from IBM indicates that in princple it will offer RAND licensing terms should its pending patent applications in this area issue[9]. [1] http://www.oasis-open.org/who/intellectualproperty.php [2] http://www.projectliberty.org/specs/ipr.html [3] http://www.projectliberty.org/specs/AOLTable.html [4] http://www.projectliberty.org/specs/Fidelitytable.html [5] http://www.projectliberty.org/specs/Sonytable.html [6] http://www.projectliberty.org/specs/Catavaulttable.html [7] http://www.projectliberty.org/specs/Citigrouptable.html [8] http://www.oasis-open.org/committees/security/ipr.php [9] http://www.oasis-open.org/committees/xacml/ipr.php Conor P. Cahill wrote: > > Hal Lockhart wrote on 11/24/2003, 5:08 PM: > > > I share Tony's concerns that the nature of the IPR applying to the > > Liberty submission is not clear enough. Five companies are listed > > on the link provided by Tony on the Liberty Web site. (BTW, I > > looked in vain for this link, I don't know how Tony managed to > > find it.) > > There is a link for it on the specifications index page > (http://www.projectliberty.org/specs/index.html). > > > The claims of Time Warner and Fidelity are listed as RF. > > Yes. > > > The claims of Citigroup and Catavault are listed as RAND and > > unfortunately their description of what their patents cover > > is too broad to be useful. > > Both of these are related to patent applications, not issued patents, so > there is no way to reasonalby discover what will be covered since they > don't have any issued claims yet (and there's no guarantee that they will). > > > The claim from Sony is most troublesome. It simply says "Please > > contact Sony Corporation. > > I agree that it would be useful for this to be clarified further. > > > I note that Sony (Corporation of America) and Fidelity are OASIS > > members and therefore have agreed to the OASIS IPR policy. As far > > as I can tell the other three organizations are not OASIS members. > > Two points here: > > a) Membership in the Liberty alliance (which requires companies > to disclose IPR as part of the approval process for Liberty > specifications) does not mean that the company is a > "contributor" of the specification to OASIS. In other words, > these specifications were contributed by specific members and > not the entire organization. > > b) I do believe that AOl is a member of OASIS (hence my participation). > > > The Liberty submission may comply with the literal wording of the > > OASIS IPR policy, but it is far from the spirit of "full disclosure." > > The problem here is one for lawyers. Liberty was made aware of some > real and some potential IPR that the holders claimed applies to some of > the work done by Liberty. In some cases, Liberty received nothing more > than that (a statement that says "hey, we think something you're doing > is covered by our patent application"). In other cases Liberty recevied > more detailed analysis by the company as well as a statement as to the > licensing terms. Liberty has reported the information that it has received. > > Note that Liberty has not done any analysis of the claims for validity, > nor has there been any legal review, internal or external, of the claims > (and neither does OASIS or any other standards body that I am aware of > -- unless, of course, litigation has been instigated by one of the parties). > > So, Liberty has reported on what the potential claims have been. > Outside of those claims, the Liberty member agreement requires RF/RANDZ > from all members to all implementors -- something that is much stronger > than OASIS' IPR policies. > > Conor -- Eve Maler +1 781 442 3190 Sun Microsystems cell +1 781 354 9441 Web Products, Technologies, and Standards eve.maler @ sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]