Mike, See comments below:
On 16 July 2014 15:54, Mike Jones <[email protected]> wrote: > OK - looking back at the parameter name change example, I agree that this > was first discussed in the OAuth WG and was adopted by both specs at about > the same time, so I agree that that's an example of information flowing in > the other direction. (I doubt that anyone will assert IPR about a > parameter name change, so I suspect that instance was innocuous.) When > some of the same people were in two working groups doing highly related > things, I suppose some of that was bound to happen, despite the best of > intentions. However, it's still my assertion that the core inventions in > Connect Registration were independently developed, syntax tweaks made later > for compatibility reasons aside. > > Be that as it may, and having thought about it some more, I'm not going to > stand in the way of acknowledging UMA in the OAuth Registration spec if > people believe that that's the right thing to do. People who know me know > that I'm all in favor of giving credit where credit is due. I'd thought > that all the UMA content had been replaced, but if I'm wrong about that, so > be it. > That is fine - if the content has been removed then just don't give the credit - I'm fine both ways. > > What would be the right reference for the UMA registration specification > in the acknowledgement? > This is the latest doc that was ever produced, as far as I am aware of: http://tools.ietf.org/html/draft-oauth-dyn-reg-v1-03 Kind regards, Maciej > > -- Mike > > -----Original Message----- > From: Justin Richer [mailto:[email protected]] > Sent: Wednesday, July 16, 2014 5:54 AM > To: Mike Jones; Hannes Tschofenig; [email protected] > Subject: Re: [OAUTH-WG] Dynamic Client Registration: IPR Confirmation > > It's quite true that the OIDC draft predates -00 of the IETF draft, and > I'm sorry if that was unclear from what I said as I was not intending to > misrepresent the history. And it's true that the UMA draft predates both of > these by a fair whack and at the very least provided inspiration in how to > accomplish this task, and in fact draft -00 was a straight copy of UMA. As > Mike mentions below, draft -01 (when I took over the editor > role) incorporates a lot of text from the OIDF draft alongside the UMA > text, which is why that document has eight authors on it. > > However it's not true that information didn't flow both ways, or that > everything from UMA was eventually expunged. It's fairly clear if you look > at the document history that there was a lot of back and forth. The JSON > formatting in the IETF draft, for example, exists in -00 and came from UMA, > was switched to form encoding from in -01 (from OIDC), and with lots of > discussion here in the WG (both before and after the > change) was switched back to JSON in -05. At that time, there was a > discussion in the OIDF working group of whether to adopt the JSON > formatting as well in order to maintain compatibility, and OIDF decided to > do so. There were other instances where parameter names and other ideas > began in the IETF and moved to OIDF's spec, like changing "issued_at" to > the more clear "client_id_issued_at". These were breaking changes and not > entered into lightly, and I was there for those discussions and still > contend that OIDF made the right call. > > If the OIDF wants to frame that decision as "we decided independently to > do a thing for the greater good" as opposed to "we adopted ideas from > outside", then it's free to do so for whatever legal protection reasons it > likes. It's perfectly fine with me that the OIDF represent itself and its > documents how it sees best. But it's not OK with me to discount or > misrepresent the history and provenance of the ideas and components of this > IETF document in the IETF and I'd like to include the modified statement I > posted below in the introduction text of the next revision. > > -- Justin > > On 7/16/2014 8:34 AM, Mike Jones wrote: > > I disagree with one aspect of Justin's characterization of the history > of the spec and have data to back up my disagreement. The OpenID Connect > Dynamic Registration Specification was not based on > draft-ietf-oauth-dyn-reg-00 or the UMA specification. It was created > independently by John Bradley in June 2011 based upon OpenID Connect > working group discussions that predated draft-ietf-oauth-dyn-reg-00, and > for which there are working group notes documenting the OpenID Connect > working group decisions prior to the IETF -00 draft. Yes, there's plenty > of evidence that the IETF -01 draft copied text from the early OpenID > Connect draft (including in the change history), but the Connect authors > were careful to follow the OpenID Foundation's IPR process and not > incorporate contributions from third parties who hadn't signed an OpenID > IPR Contribution Agreement stating that the OpenID Foundation was free to > use their contributions. (This fills the same role as the IETF Note well, > but with a signed agreement, and ensures that all developers can use the > resulting specifications without IPR concerns based on IPR that may be held > by the contributors.) The OpenID Connect Dynamic Registration draft didn't > copy from the UMA draft or the IETF draft derived from it, so as to > maintain the IPR integrity of the OpenID document. The copying all went in > the other direction. > > > > If portions of the UMA draft remained from -00 in the current drafts, > > I'd be fine with the UMA attribution, but in practice they don't. The > > UMA content was replaced with the OpenID Connect content. (I believe > > that eventually UMA decided to drop their old draft and move to > > registration mechanisms that were compatible with Connect as well, and > > stopped using their previous registration data formats.) > > > > -- Mike > > > > -----Original Message----- > > From: Justin Richer [mailto:[email protected]] > > Sent: Wednesday, July 16, 2014 4:53 AM > > To: Hannes Tschofenig; Mike Jones; [email protected] > > Subject: Re: [OAUTH-WG] Dynamic Client Registration: IPR Confirmation > > > > I like the idea of adding some of the text in the introduction, as I > agree the compatibility is an important (and hard-won) accomplishment. I > think taking Mike's text, expanding it, and putting it in the introduction > might serve the overall purpose just fine: > > > > Portions of this specification are derived from the OpenID Connect > Dynamic Registration [OpenID.Registration] specification and from the User > Managed Access [UMA] specification. This was done so that implementations > of these three specifications will be compatible with one another. > > > > > > These are both informative references, so we can reference the ID for > UMA. > > > > -- Justin > > > > On 7/16/2014 7:44 AM, Hannes Tschofenig wrote: > >> Interesting background information. Maybe we should then extend the > >> note Mike provided to also clarify the relationship with the UMA work > >> (both in terms to IPR, copyright, and attribution-wise). > >> > >> It would also make sense to state the relationship in the > >> introduction to highlight the compatibility, which I believe is a big > accomplishment. > >> > >> Ciao > >> Hannes > >> > >> On 07/16/2014 01:41 PM, Justin Richer wrote: > >>> I thought I had sent this note already, but I don't see it in the > >>> archives or in my 'sent' folder: > >>> > >>> If we're going to point to OpenID Connect (which I'm fine with), > >>> then we should clarify that portions were also taken from the UMA > specification. > >>> In fact, draft -00 actually *was* the UMA specification text entirely. > >>> This is also what the OpenID Connect registration specification was > >>> (loosely) based on when it was started. > >>> > >>> In reality, the relationship between these three documents from > >>> three different SBO's is more complicated: they all grew up together > >>> and effectively merged to become wire-compatible with each other. > >>> There were a number of changes that were discussed here in the IETF > >>> that OpenID Connect adopted, and a number of changes that were > >>> discussed at OIDF that were adopted here. OIDC also extends the IETF > >>> draft with a set of OIDC-specific metadata fields and editorial > >>> language that makes it fit more closely in the OIDC landscape, but > make no mistake: > >>> they're the same protocol. In the case of UMA, it's a straight > >>> normative reference to the IETF document now because we were able to > >>> incorporate those use cases and parameters directly. > >>> > >>> The trouble is, I'm not sure how to concisely state that all that in > >>> the draft text, but it's not as simple as "we copied OpenID", which > >>> is what the text below seems to say. > >>> > >>> -- Justin > >>> > >>> On 7/16/2014 6:17 AM, Hannes Tschofenig wrote: > >>>> Thanks, Mike. > >>>> > >>>> This is a useful addition and reflects the relationship between the > >>>> two efforts. > >>>> > >>>> Please add it to the next draft version. > >>>> > >>>> Ciao > >>>> Hannes > >>>> > >>>> On 07/15/2014 09:46 PM, Mike Jones wrote: > >>>>> So that the working group has concrete language to consider, > >>>>> propose the following language to the OAuth Dynamic Client > Registration specification: > >>>>> > >>>>> > >>>>> > >>>>> Portions of this specification are derived from the OpenID Connect > >>>>> Dynamic Registration [OpenID.Registration] specification. This > >>>>> was done so that implementations of this specification and OpenID > >>>>> Connect Dynamic Registration can be compatible with one another. > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> Mike > >>>>> > >>>>> > >>>>> > >>>>> *From:*OAuth [mailto:[email protected]] *On Behalf Of *Mike > >>>>> Jones > >>>>> *Sent:* Tuesday, July 08, 2014 7:15 PM > >>>>> *To:* Phil Hunt; Hannes Tschofenig > >>>>> *Cc:* Maciej Machulak; [email protected] > >>>>> *Subject:* Re: [OAUTH-WG] Dynamic Client Registration: IPR > >>>>> Confirmation > >>>>> > >>>>> > >>>>> > >>>>> Thinking about this some more, there is one IPR issue that we need > >>>>> to address before publication. This specification is a derivative > >>>>> work from the OpenID Connect Dynamic Registration specification > >>>>> http://openid.net/specs/openid-connect-registration-1_0.html. > >>>>> Large portions of the text were copied wholesale from that spec to > >>>>> this one, so that the two would be compatible. (This is good > >>>>> thing – not a bad > >>>>> thing.) > >>>>> > >>>>> > >>>>> > >>>>> This is easy to address from an IPR perspective – simply > >>>>> acknowledge that this spec is a derivative work and provide proper > >>>>> attribution. The OpenID copyright in the spec at > >>>>> http://openid.net/specs/openid-connect-registration-1_0.html#Notic > >>>>> e s allows for this resolution. It says: > >>>>> > >>>>> > >>>>> > >>>>> Copyright (c) 2014 The OpenID Foundation. > >>>>> > >>>>> The OpenID Foundation (OIDF) grants to any Contributor, developer, > >>>>> implementer, or other interested party a non-exclusive, royalty > >>>>> free, worldwide copyright license to reproduce, prepare derivative > >>>>> works from, distribute, perform and display, this Implementers > >>>>> Draft or Final Specification solely for the purposes of (i) > >>>>> developing specifications, and (ii) implementing Implementers > >>>>> Drafts and Final Specifications based on such documents, provided > >>>>> that attribution be made to the OIDF as the source of the > >>>>> material, but that such attribution does not indicate an endorsement > by the OIDF. > >>>>> > >>>>> Let’s add the reference and acknowledgment in the next version. > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> Mike > >>>>> > >>>>> > >>>>> > >>>>> *From:*Mike Jones > >>>>> *Sent:* Tuesday, July 08, 2014 10:06 AM > >>>>> *To:* Phil Hunt; Hannes Tschofenig > >>>>> *Cc:* John Bradley; Justin Richer; Maciej Machulak; [email protected] > >>>>> <mailto:[email protected]> > >>>>> *Subject:* RE: Dynamic Client Registration: IPR Confirmation > >>>>> > >>>>> > >>>>> > >>>>> I likewise do not hold any IPR on these specs. > >>>>> > >>>>> ------------------------------------------------------------------ > >>>>> - > >>>>> ----- > >>>>> > >>>>> *From: *Phil Hunt <mailto:[email protected]> > >>>>> *Sent: *7/8/2014 9:11 AM > >>>>> *To: *Hannes Tschofenig <mailto:[email protected]> > >>>>> *Cc: *Mike Jones <mailto:[email protected]>; John > >>>>> Bradley <mailto:[email protected]>; Justin Richer > >>>>> <mailto:[email protected]>; Maciej Machulak > >>>>> <mailto:[email protected]>; [email protected] > >>>>> <mailto:[email protected]> > >>>>> *Subject: *Re: Dynamic Client Registration: IPR Confirmation > >>>>> > >>>>> I confirm I have no IPR disclosures on this document. > >>>>> > >>>>> Phil > >>>>> > >>>>>> On Jul 8, 2014, at 4:54, Hannes Tschofenig < > [email protected] <mailto:[email protected]>> wrote: > >>>>>> > >>>>>> Hi Phil, John, Maciej, Justin, Mike, > >>>>>> > >>>>>> I am working on the shepherd writeup for the dynamic client > >>>>>> registration document and one item in the template requires me to > >>>>>> indicate whether each document author has confirmed that any and > >>>>>> all appropriate IPR disclosures required for full conformance > >>>>>> with the provisions of BCP 78 and BCP 79 have already been filed. > >>>>>> > >>>>>> Could you please confirm? > >>>>>> > >>>>>> Ciao > >>>>>> Hannes > >>>>>> > >>>>>> > >>>> _______________________________________________ > >>>> OAuth mailing list > >>>> [email protected] > >>>> https://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > -- Maciej Machulak email: [email protected] mobile: +44 7999 606 767 (UK) mobile: +48 602 45 31 66 (PL)
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
