Interesting background information. Maybe we should then extend the note Mike provided to also clarify the relationship with the UMA work (both in terms to IPR, copyright, and attribution-wise).
It would also make sense to state the relationship in the introduction to highlight the compatibility, which I believe is a big accomplishment. Ciao Hannes On 07/16/2014 01:41 PM, Justin Richer wrote: > I thought I had sent this note already, but I don't see it in the > archives or in my 'sent' folder: > > If we're going to point to OpenID Connect (which I'm fine with), then we > should clarify that portions were also taken from the UMA specification. > In fact, draft -00 actually *was* the UMA specification text entirely. > This is also what the OpenID Connect registration specification was > (loosely) based on when it was started. > > In reality, the relationship between these three documents from three > different SBO's is more complicated: they all grew up together and > effectively merged to become wire-compatible with each other. There were > a number of changes that were discussed here in the IETF that OpenID > Connect adopted, and a number of changes that were discussed at OIDF > that were adopted here. OIDC also extends the IETF draft with a set of > OIDC-specific metadata fields and editorial language that makes it fit > more closely in the OIDC landscape, but make no mistake: they're the > same protocol. In the case of UMA, it's a straight normative reference > to the IETF document now because we were able to incorporate those use > cases and parameters directly. > > The trouble is, I'm not sure how to concisely state that all that in the > draft text, but it's not as simple as "we copied OpenID", which is what > the text below seems to say. > > -- Justin > > On 7/16/2014 6:17 AM, Hannes Tschofenig wrote: >> Thanks, Mike. >> >> This is a useful addition and reflects the relationship between the two >> efforts. >> >> Please add it to the next draft version. >> >> Ciao >> Hannes >> >> On 07/15/2014 09:46 PM, Mike Jones wrote: >>> So that the working group has concrete language to consider, propose the >>> following language to the OAuth Dynamic Client Registration specification: >>> >>> >>> >>> Portions of this specification are derived from the OpenID Connect >>> Dynamic Registration [OpenID.Registration] specification. This was done >>> so that implementations of this specification and OpenID Connect Dynamic >>> Registration can be compatible with one another. >>> >>> >>> >>> -- Mike >>> >>> >>> >>> *From:*OAuth [mailto:[email protected]] *On Behalf Of *Mike Jones >>> *Sent:* Tuesday, July 08, 2014 7:15 PM >>> *To:* Phil Hunt; Hannes Tschofenig >>> *Cc:* Maciej Machulak; [email protected] >>> *Subject:* Re: [OAUTH-WG] Dynamic Client Registration: IPR Confirmation >>> >>> >>> >>> Thinking about this some more, there is one IPR issue that we need to >>> address before publication. This specification is a derivative work >>> from the OpenID Connect Dynamic Registration specification >>> http://openid.net/specs/openid-connect-registration-1_0.html. Large >>> portions of the text were copied wholesale from that spec to this one, >>> so that the two would be compatible. (This is good thing – not a bad >>> thing.) >>> >>> >>> >>> This is easy to address from an IPR perspective – simply acknowledge >>> that this spec is a derivative work and provide proper attribution. The >>> OpenID copyright in the spec at >>> http://openid.net/specs/openid-connect-registration-1_0.html#Notices >>> allows for this resolution. It says: >>> >>> >>> >>> Copyright (c) 2014 The OpenID Foundation. >>> >>> The OpenID Foundation (OIDF) grants to any Contributor, developer, >>> implementer, or other interested party a non-exclusive, royalty free, >>> worldwide copyright license to reproduce, prepare derivative works from, >>> distribute, perform and display, this Implementers Draft or Final >>> Specification solely for the purposes of (i) developing specifications, >>> and (ii) implementing Implementers Drafts and Final Specifications based >>> on such documents, provided that attribution be made to the OIDF as the >>> source of the material, but that such attribution does not indicate an >>> endorsement by the OIDF. >>> >>> Let’s add the reference and acknowledgment in the next version. >>> >>> >>> >>> -- Mike >>> >>> >>> >>> *From:*Mike Jones >>> *Sent:* Tuesday, July 08, 2014 10:06 AM >>> *To:* Phil Hunt; Hannes Tschofenig >>> *Cc:* John Bradley; Justin Richer; Maciej Machulak; [email protected] >>> <mailto:[email protected]> >>> *Subject:* RE: Dynamic Client Registration: IPR Confirmation >>> >>> >>> >>> I likewise do not hold any IPR on these specs. >>> >>> ------------------------------------------------------------------------ >>> >>> *From: *Phil Hunt <mailto:[email protected]> >>> *Sent: *7/8/2014 9:11 AM >>> *To: *Hannes Tschofenig <mailto:[email protected]> >>> *Cc: *Mike Jones <mailto:[email protected]>; John Bradley >>> <mailto:[email protected]>; Justin Richer <mailto:[email protected]>; >>> Maciej Machulak <mailto:[email protected]>; [email protected] >>> <mailto:[email protected]> >>> *Subject: *Re: Dynamic Client Registration: IPR Confirmation >>> >>> I confirm I have no IPR disclosures on this document. >>> >>> Phil >>> >>>> On Jul 8, 2014, at 4:54, Hannes Tschofenig <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> Hi Phil, John, Maciej, Justin, Mike, >>>> >>>> I am working on the shepherd writeup for the dynamic client registration >>>> document and one item in the template requires me to indicate whether >>>> each document author has confirmed that any and all appropriate IPR >>>> disclosures required for full conformance with the provisions of BCP 78 >>>> and BCP 79 have already been filed. >>>> >>>> Could you please confirm? >>>> >>>> Ciao >>>> Hannes >>>> >>>> >> >> >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
