[OpenID board] [legal] Feedback on latest drafts of OpenID IPR Policy and Process

Dick Hardt dick at sxip.com
Mon Dec 3 22:52:09 UTC 2007

On 3-Dec-07, at 2:33 AM, Martin Atkins wrote:

> Dick Hardt wrote:
>> The objective in having Contributors execute a NAA to participate in
>> a WG is so that the Contributor does not lead the group down the
>> garden path of a patent that an evil Contributor has and then
>> surprise everyone at the end. Given that some people are evil and
>> would like to play this game, we have just changed the means by which
>> the game is played. They can't be a contributor, but they can be part
>> of the OpenID Community, implement OpenID specifications and still
>> make infringement claims against implementors of an OpenID
>> specification they did not contribute to.
> In your other message you defined "members of the OpenID community" to
> mean "members of the OpenID Foundation", which is fine because that
> would seem to be the only definition that allows the above to work.
> The OpenID Foundation can't impose rules on people who don't join the
> Foundation, aside from those it's specifically allowed by law.
> (Trademark protection, for example.)
> I'm not sure how the above attack is prevented by your alteration.  
> It is
> not required that you be a member of the foundation in order to
> implement an OpenID specification. All your above attacker has to  
> do to
> avoid culpability is simply not join the Foundation at all.

Agreed. But then they are not perceived as being part of the community.
If they are an implementor and they sue other people, then the  
reciprocity is lost.
If they are a troll, then we have to figure out how to resolve in a  
different way.

My point being that if you are going to get some of the community to  
NAA, you should get all of the community -- otherwise it raises the  
question why some gave NAA for some specs and not for others.

>> The direction of the specifications council of being representation
>> vs full meritocracy is in the wrong direction from my point of view.
>> The Board and the Specs council should serve at the pleasure of the
>> Community. Being elected by the community does not mean the Board or
>> council are representing the Communities interest. So much can happen
>> in two years, that OpenID can be in a completely different direction
>> by the time a new set of elections happen.
> [snip]
>> I strongly feel the power should be with the Community, not the
>> Board, and not the Specifications  Council. The Community should
>> decide on starting WGs, finalization of Specifications and changes to
>> the process and policy.
> I agree with you in principle, but I'm concerned that having a
> community-wide (which of course really means membership-wide) vote on
> every single working group ratification and other such issues seems  
> like
> it would be an unworkable burden.

That is a valid concern. I think given previous voting technologies,  
that would be valid. Perhaps with digital identities we can lower the  
friction? Perhaps we SHOULD engage the community in all decisions so  
that we have first hand experience on how to keep the friction low  
for direct community involvement?

> Perhaps a compromise can be drawn, where only the most important  
> issues
> (for example, whether to approve a Final Specification, and of course
> who is on the Specs council and Board) would be done using a
> membership-wide vote, but other issues such as the ratification of a
> working group would be done by the specs council. After all, the mere
> creation of a working group has little impact in the grand scheme.

The inability to create a working group has a profound impact on the  
Most members will be following the creation of new working groups.  
Logging in with your OpenID and voting on them does not seem to be  
that much more work.

> It's also worth noting, I think, that the specs council and board  
> won't
> be working in a vacuum. They will presumably take into account the
> feedback of the community when making decisions. If either the specs
> council or the board ever gets into a situation where a majority of  
> the
> members are "corrupt" then we have bigger problems.

Given that this is work is an internet scale protocol, one would  
think that it would be done in IETF. Why is it not done there? Do we  
want to be in the same situation in 5 years?

Given that we can easily vote online and our mission is to create  
digital identity, the friction in getting the membership to vote has  
been greatly reduced, and I think is a showcase for how to digital  
identity can reduce the friction in making group decisions.

More information about the board mailing list