RE: [OpenID] OpenID IPR Policy Draft

2006-12-07 Thread Gabe Wachob 
Ben-
I'm not sure what you are suggesting is the problem - is this just a
matter of timing? That is, could we remedy your issue by saying that you
have to issue the license before a certain event? This language is pretty
common - I'm not sure what else a policy could say? 

Are you suggesting that there is some sort of implied license or
estoppel that comes into creation by virtue of the policy? I'm not aware of
any IPR policy in standards bodies that works that way - and I'm not sure
its really effective from a legal point of view. 

As an alternative, when we say "issue a license", perhaps we should
be saying "a unilateral license or covenant of non-assertion (etc) that does
not require affirmative action on the part of the licensee" (needs to be
worded right - but does that capture your intent?) I'd note that the w3c and
oasis (rf on limited terms) policies do *not* require patent licensors to
issue these sort of super-low-friction licenses (though I've personally
pushed for it within OASIS). 

-Gabe

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Ben Laurie
> Sent: Thursday, December 07, 2006 8:31 AM
> To: Recordon, David
> Cc: specs@openid.net; [EMAIL PROTECTED]
> Subject: Re: [OpenID] OpenID IPR Policy Draft
> 
> On 12/6/06, Recordon, David <[EMAIL PROTECTED]> wrote:
> > Hey guys,
> > Been working with Gabe, and others, on starting to draft an IPR Policy
> > for OpenID specifications.  We'd appreciate feedback in terms of if what
> > is written captures the correct intent of the community?  We realize the
> > language isn't technically as tight as it needs to be, though first want
> > to make sure it is saying the right thing.  It is largely based on the
> > IPR Policy for Microformats.
> >
> > http://openid.net/wiki/index.php/IPR_Policy
> 
> A problem with saying "you MUST offer ... a royalty free license" is
> that in order to be open-source-friendly the licence has to be
> automatic - otherwise potentially each user of the s/w has to jump
> through hoops to get the licence.
> 
> >
> > Thanks,
> > --David
> > ___
> > general mailing list
> > [EMAIL PROTECTED]
> > http://openid.net/mailman/listinfo/general
> >
> ___
> general mailing list
> [EMAIL PROTECTED]
> http://openid.net/mailman/listinfo/general

___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

RE: OpenID IPR Policy Draft

2006-12-07 Thread Gabe Wachob 
Actually, the language was changed from "post to a list", not "subscribe to
a list" for this very reason. 

Our intent was to come up with another simple trigger that didn't involve a
lot of process (and was clear and not subject to much interpretation) and
decided that this was a reasonable first cut (the act of posting to the
list). What other simple trigger would you suggest? How do you define
"contribution"? Who defines contribution? This is fuzzy line here - we were
trying to enclose the largest scope of contributions to minimize questions
later on whether or not an idea was "contributed" or not (e.g. a
patent-covered claim can be incorporated in a specification whether or not a
patent owner actually contributes *text*). 

This stuff is rather complicated and since we are not doing it within the
confines of a traditional standards body, we either have to take the time to
do a formal IPR policy which implies more formal process (introducing
friction to wider community participation), OR we have to have a IPR policy
that acknowledges the loose procedure we are using and recognizes the risk
of this approach with respect to IPR disclosure and licensing. There's no
free lunch here. 

The one thing I think we really should avoid is recreating a more formal
standards body from scratch - its hard work and these bodies already exist.
If this community really believes that we need the more formal process and
IPR policy, then we should consider taking this effort to a standards body
like OASIS *now* rather than later. 

I think a number of us working on this hoped that we could get this work to
an implementable state sooner than it would be practical to move to a formal
standards body. The current work on IPR policy is a stopgap measure until
such a time that we decide to take the work to a more formal standards body.
 

-Gabe



> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> Of Martin Atkins
> Sent: Thursday, December 07, 2006 10:54 AM
> To: [EMAIL PROTECTED]; specs@openid.net
> Subject: Re: OpenID IPR Policy Draft
> 
> Recordon, David wrote:
> >
> > http://openid.net/wiki/index.php/IPR_Policy
> >
> 
> Is it really possible to use mailing list subscription as a trigger for
> a contract like this? The whole idea scares me a little bit, to be honest.
> 
> It seems more sensible to me to put these restrictions on actual
> *contributions*: require that any proposal or concrete
> specification/implementation offered via the mailing lists or other
> "official" channels to come with patent disclosure, and only *then* are
> any undisclosed patents assumed to constitute a royalty-free, perpetual
> licence.
> 
> As it is currently written, I think lots of companies that retain
> software patents of any kind - or even ones that don't but may wish to
> in the future - would be put off contributing due to the risk that their
> patents may be implicitly licenced to everyone.
> 
> I'm not a lawyer, of course. However, not everyone who could potentially
> be affected by this is a lawyer either, so putting in stuff that
> potentially scares non-lawyers like myself is probably a bad idea.
> 
> 
> ___
> specs mailing list
> specs@openid.net
> http://openid.net/mailman/listinfo/specs

___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

RE: OpenID IPR Policy Draft

2006-12-07 Thread Gabe Wachob 
The reason is easy - each of these organizations has a different process and
the IPR is intimately tied to process (for example, when certain disclosure
and licensing agreements come into force). 

 

In addition, some bodies offer a broader spectrum of levels of IPR
encumberance for the specs produced in each body. 

 

They actually don't differ much beyond this, however, and the spirit of the
respective IPR policies are converging.

 

-Gabe

 

  _  

From: Hallam-Baker, Phillip [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 07, 2006 10:20 AM
To: Gabe Wachob; Brett McDowell; Recordon, David
Cc: specs@openid.net; [EMAIL PROTECTED]
Subject: RE: OpenID IPR Policy Draft

 

Why not just take the W3C IPR policy verbatim and change the organization
name?

 

The W3C patent policy is I believe released under creative commons for
precisely this reason if not this can easily happen. The agreement was
subscribed to by all the major vendors and the major open source groups.

 

Unless someone wants to incorporate proprietary technology that they are not
willing to release the rights to as required by the W3C terms this is a
debate we don't need to have.

 

 

Ideally the Apache, Mozilla, OASIS, W3C and IETF IPR WGs would get together
and devise an industry standard acceptable to both Open Source and
proprietary vendors. The introduction of suspense licenses means that it is
not unthinkable that they would reach a common set of terms.


 


  _  


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Gabe Wachob
Sent: Thursday, December 07, 2006 1:01 PM
To: 'Brett McDowell'; Recordon, David
Cc: specs@openid.net; [EMAIL PROTECTED]
Subject: RE: OpenID IPR Policy Draft

Brett-

We need to get consensus on what the community wants before we
take this to an attorney.. However, I've done these sorts of IPR policies
for standards efforts several times and I can tell you that the process of
working through these IPR policies is slow, painful and expensive. I think
presenting an "already baked" (ie already drafted by lawyers) IPR policy to
this community and asking for a up/down vote is not in keeping with the
spirit of this development process. 

-Gabe

 


  _  


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Brett McDowell
Sent: Thursday, December 07, 2006 6:48 AM
To: Recordon, David
Cc: specs@openid.net; [EMAIL PROTECTED]
Subject: Re: OpenID IPR Policy Draft

 

This is normally lawyer work.  I recommend the companies & individuals
invested in OpenID immediately turn this exercise over to your legal counsel
to ensure your interests--and the interests of the community--are protected
appropriately. 

Does the new OpenID organization have legal counsel retained (I don't mean
volunteers, but actually hired)?  If not, that would be my second
recommendation.

--Brett

On 12/6/06, Recordon, David <[EMAIL PROTECTED]> wrote:

Hey guys,
Been working with Gabe, and others, on starting to draft an IPR Policy
for OpenID specifications.  We'd appreciate feedback in terms of if what
is written captures the correct intent of the community?  We realize the 
language isn't technically as tight as it needs to be, though first want
to make sure it is saying the right thing.  It is largely based on the
IPR Policy for Microformats.

http://openid.net/wiki/index.php/IPR_Policy

Thanks,
--David
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs




-- 
Brett McDowell +1.413.662.2744 

___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

RE: [OpenID] OpenID Assertion Quality Extension - Draft

2006-12-07 Thread Granqvist, Hans 
> It might be useful to some RP's to know of any complexity 
> schemes put on users' passwords.
> ...
> What do you think?
> 

I think this is excellent information . . . for someone
trying to figure out your password!

-Hans
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Re: OpenID IPR Policy Draft

2006-12-07 Thread Johannes Ernst 
I agree.

There is also the scenario where somebody does have undisclosed  
patents (read: at least all large companies), they consider  
themselves to be fine because they don't think any of the current  
OpenID discussion relates to them, but then, somebody takes the  
conversation into a different direction (say, a new crypto algorithm,  
or a way of connecting OpenID to One-click ;-)), and the new  
direction does relate to their patents. What now?

It's got to be by actual contribution, not just by passive listening.  
Otherwise we scare off way more people than I would like to scare off...

On Dec 7, 2006, at 10:54, Martin Atkins wrote:


> Recordon, David wrote:
>
>>
>> http://openid.net/wiki/index.php/IPR_Policy
>>
> [EMAIL PROTECTED], specs@openid.net
>
> I agree.
>
> There is also the scenario where somebody does have undisclosed  
> patents (read: at least all large companies), they consider  
> themselves to be fine because they don't think any of the current  
> OpenID discussion relates to them, but then, somebody takes the  
> conversation into a different direction (say, a new crypto  
> algorithm, or a way of connecting OpenID to One-click ;-)), and the  
> new direction does relate to their patents. What now?
>
> It's got to be by actual contribution, not just by passive  
> listening. Otherwise we scare off way more people than I would like  
> to scare off...
>
> On Dec 7, 2006, at 10:54, Martin Atkins wrote:
>
>
>> Recordon, David wrote:
>>
>>>
>>> http://openid.net/wiki/index.php/IPR_Policy
>>>
>>>
>>
>> Is it really possible to use mailing list subscription as a  
>> trigger for
>> a contract like this? The whole idea scares me a little bit, to be  
>> honest.
>>
>> It seems more sensible to me to put these restrictions on actual
>> *contributions*: require that any proposal or concrete
>> specification/implementation offered via the mailing lists or other
>> "official" channels to come with patent disclosure, and only  
>> *then* are
>> any undisclosed patents assumed to constitute a royalty-free,  
>> perpetual
>> licence.
>>
>> As it is currently written, I think lots of companies that retain
>> software patents of any kind — or even ones that don't but may  
>> wish to
>> in the future — would be put off contributing due to the risk that  
>> their
>> patents may be implicitly licenced to everyone.
>>
>> I'm not a lawyer, of course. However, not everyone who could  
>> potentially
>> be affected by this is a lawyer either, so putting in stuff that
>> potentially scares non-lawyers like myself is probably a bad idea.
>>
>>
>> ___
>> specs mailing list
>> specs@openid.net
>> http://openid.net/mailman/listinfo/specs
>>
>
>
> Is it really possible to use mailing list subscription as a trigger  
> for
> a contract like this? The whole idea scares me a little bit, to be  
> honest.
>
> It seems more sensible to me to put these restrictions on actual
> *contributions*: require that any proposal or concrete
> specification/implementation offered via the mailing lists or other
> "official" channels to come with patent disclosure, and only *then*  
> are
> any undisclosed patents assumed to constitute a royalty-free,  
> perpetual
> licence.
>
> As it is currently written, I think lots of companies that retain
> software patents of any kind — or even ones that don't but may wish to
> in the future — would be put off contributing due to the risk that  
> their
> patents may be implicitly licenced to everyone.
>
> I'm not a lawyer, of course. However, not everyone who could  
> potentially
> be affected by this is a lawyer either, so putting in stuff that
> potentially scares non-lawyers like myself is probably a bad idea.
>
>
> ___
> specs mailing list
> specs@openid.net
> http://openid.net/mailman/listinfo/specs
>


___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Re: OpenID IPR Policy Draft

2006-12-07 Thread Johannes Ernst 
I agree.

There is also the scenario where somebody does have undisclosed  
patents (read: at least all large companies), they consider  
themselves to be fine because they don't think any of the current  
OpenID discussion relates to them, but then, somebody takes the  
conversation into a different direction (say, a new crypto algorithm,  
or a way of connecting OpenID to One-click ;-)), and the new  
direction does relate to their patents. What now?

It's got to be by actual contribution, not just by passive listening.  
Otherwise we scare off way more people than I would like to scare off...

On Dec 7, 2006, at 10:54, Martin Atkins wrote:

> Recordon, David wrote:
>>
>> http://openid.net/wiki/index.php/IPR_Policy
>>
>
> Is it really possible to use mailing list subscription as a trigger  
> for
> a contract like this? The whole idea scares me a little bit, to be  
> honest.
>
> It seems more sensible to me to put these restrictions on actual
> *contributions*: require that any proposal or concrete
> specification/implementation offered via the mailing lists or other
> "official" channels to come with patent disclosure, and only *then*  
> are
> any undisclosed patents assumed to constitute a royalty-free,  
> perpetual
> licence.
>
> As it is currently written, I think lots of companies that retain
> software patents of any kind — or even ones that don't but may wish to
> in the future — would be put off contributing due to the risk that  
> their
> patents may be implicitly licenced to everyone.
>
> I'm not a lawyer, of course. However, not everyone who could  
> potentially
> be affected by this is a lawyer either, so putting in stuff that
> potentially scares non-lawyers like myself is probably a bad idea.
>
>
> ___
> specs mailing list
> specs@openid.net
> http://openid.net/mailman/listinfo/specs

___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Re: OpenID IPR Policy Draft

2006-12-07 Thread Martin Atkins 
Recordon, David wrote:
> 
> http://openid.net/wiki/index.php/IPR_Policy
> 

Is it really possible to use mailing list subscription as a trigger for 
a contract like this? The whole idea scares me a little bit, to be honest.

It seems more sensible to me to put these restrictions on actual 
*contributions*: require that any proposal or concrete 
specification/implementation offered via the mailing lists or other 
"official" channels to come with patent disclosure, and only *then* are 
any undisclosed patents assumed to constitute a royalty-free, perpetual 
licence.

As it is currently written, I think lots of companies that retain 
software patents of any kind — or even ones that don't but may wish to 
in the future — would be put off contributing due to the risk that their 
patents may be implicitly licenced to everyone.

I'm not a lawyer, of course. However, not everyone who could potentially 
be affected by this is a lawyer either, so putting in stuff that 
potentially scares non-lawyers like myself is probably a bad idea.


___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

RE: OpenID IPR Policy Draft

2006-12-07 Thread Hallam-Baker, Phillip 
Why not just take the W3C IPR policy verbatim and change the organization name?
 
The W3C patent policy is I believe released under creative commons for 
precisely this reason if not this can easily happen. The agreement was 
subscribed to by all the major vendors and the major open source groups.
 
Unless someone wants to incorporate proprietary technology that they are not 
willing to release the rights to as required by the W3C terms this is a debate 
we don't need to have.
 
 
Ideally the Apache, Mozilla, OASIS, W3C and IETF IPR WGs would get together and 
devise an industry standard acceptable to both Open Source and proprietary 
vendors. The introduction of suspense licenses means that it is not unthinkable 
that they would reach a common set of terms.

 



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gabe 
Wachob
Sent: Thursday, December 07, 2006 1:01 PM
To: 'Brett McDowell'; Recordon, David
Cc: specs@openid.net; [EMAIL PROTECTED]
Subject: RE: OpenID IPR Policy Draft



Brett-

We need to get consensus on what the community wants before 
we take this to an attorney.. However, I've done these sorts of IPR policies 
for standards efforts several times and I can tell you that the process of 
working through these IPR policies is slow, painful and expensive. I think 
presenting an "already baked" (ie already drafted by lawyers) IPR policy to 
this community and asking for a up/down vote is not in keeping with the spirit 
of this development process. 

-Gabe

 





From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett 
McDowell
Sent: Thursday, December 07, 2006 6:48 AM
To: Recordon, David
Cc: specs@openid.net; [EMAIL PROTECTED]
Subject: Re: OpenID IPR Policy Draft

 

This is normally lawyer work.  I recommend the companies & individuals 
invested in OpenID immediately turn this exercise over to your legal counsel to 
ensure your interests--and the interests of the community--are protected 
appropriately. 

Does the new OpenID organization have legal counsel retained (I don't 
mean volunteers, but actually hired)?  If not, that would be my second 
recommendation.

--Brett

On 12/6/06, Recordon, David <[EMAIL PROTECTED]> wrote:

Hey guys,
Been working with Gabe, and others, on starting to draft an IPR Policy
for OpenID specifications.  We'd appreciate feedback in terms of if what
is written captures the correct intent of the community?  We realize 
the 
language isn't technically as tight as it needs to be, though first want
to make sure it is saying the right thing.  It is largely based on the
IPR Policy for Microformats.

http://openid.net/wiki/index.php/IPR_Policy

Thanks,
--David
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs




-- 
Brett McDowell +1.413.662.2744 

___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

RE: OpenID IPR Policy Draft

2006-12-07 Thread Gabe Wachob 
Brett-

We need to get consensus on what the community wants before we
take this to an attorney.. However, I've done these sorts of IPR policies
for standards efforts several times and I can tell you that the process of
working through these IPR policies is slow, painful and expensive. I think
presenting an "already baked" (ie already drafted by lawyers) IPR policy to
this community and asking for a up/down vote is not in keeping with the
spirit of this development process. 

-Gabe

 

  _  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Brett McDowell
Sent: Thursday, December 07, 2006 6:48 AM
To: Recordon, David
Cc: specs@openid.net; [EMAIL PROTECTED]
Subject: Re: OpenID IPR Policy Draft

 

This is normally lawyer work.  I recommend the companies & individuals
invested in OpenID immediately turn this exercise over to your legal counsel
to ensure your interests--and the interests of the community--are protected
appropriately. 

Does the new OpenID organization have legal counsel retained (I don't mean
volunteers, but actually hired)?  If not, that would be my second
recommendation.

--Brett

On 12/6/06, Recordon, David <[EMAIL PROTECTED]> wrote:

Hey guys,
Been working with Gabe, and others, on starting to draft an IPR Policy
for OpenID specifications.  We'd appreciate feedback in terms of if what
is written captures the correct intent of the community?  We realize the 
language isn't technically as tight as it needs to be, though first want
to make sure it is saying the right thing.  It is largely based on the
IPR Policy for Microformats.

http://openid.net/wiki/index.php/IPR_Policy

Thanks,
--David
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs




-- 
Brett McDowell +1.413.662.2744 

___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Re: OpenID IPR Policy Draft

2006-12-07 Thread Recordon, David 
Brett,
We certainly are going to be working with our counsel, though first wanted to 
make sure we captured the community's intent.

--David


 -Original Message-
From:   Brett McDowell [mailto:[EMAIL PROTECTED]
Sent:   Thursday, December 07, 2006 06:47 AM Pacific Standard Time
To: Recordon, David
Cc: [EMAIL PROTECTED]; specs@openid.net
Subject:Re: OpenID IPR Policy Draft

This is normally lawyer work.  I recommend the companies & individuals invested 
in OpenID immediately turn this exercise over to your legal counsel to ensure 
your interests--and the interests of the community--are protected 
appropriately. 

Does the new OpenID organization have legal counsel retained (I don't mean 
volunteers, but actually hired)?  If not, that would be my second 
recommendation.

--Brett


On 12/6/06, Recordon, David <[EMAIL PROTECTED]> wrote:

Hey guys,
Been working with Gabe, and others, on starting to draft an IPR Policy
for OpenID specifications.  We'd appreciate feedback in terms of if what
is written captures the correct intent of the community?  We realize the 
language isn't technically as tight as it needs to be, though first want
to make sure it is saying the right thing.  It is largely based on the
IPR Policy for Microformats.

  
http://openid.net/wiki/index.php/IPR_Policy

Thanks,
--David
___
specs mailing list
specs@openid.net
  
http://openid.net/mailman/listinfo/specs





-- 
Brett McDowell +1.413.662.2744 
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Re: OpenID IPR Policy Draft

2006-12-07 Thread Brett McDowell 

This is normally lawyer work.  I recommend the companies & individuals
invested in OpenID immediately turn this exercise over to your legal counsel
to ensure your interests--and the interests of the community--are protected
appropriately.

Does the new OpenID organization have legal counsel retained (I don't mean
volunteers, but actually hired)?  If not, that would be my second
recommendation.

--Brett

On 12/6/06, Recordon, David <[EMAIL PROTECTED]> wrote:


Hey guys,
Been working with Gabe, and others, on starting to draft an IPR Policy
for OpenID specifications.  We'd appreciate feedback in terms of if what
is written captures the correct intent of the community?  We realize the
language isn't technically as tight as it needs to be, though first want
to make sure it is saying the right thing.  It is largely based on the
IPR Policy for Microformats.

http://openid.net/wiki/index.php/IPR_Policy

Thanks,
--David
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs





--
Brett McDowell +1.413.662.2744
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs