[OpenID board] Draft OpenID Intellectual Property Rights Policy for Review

David Recordon drecordon at sixapart.com
Wed Sep 26 15:35:18 UTC 2007

Since the early summer we've been working to define an intellectual  
property rights policy and process for technical OpenID specification  
work moving forward.  The goal of this work is to truly allow the  
community to continue to live up to Brad Fitzpatrick's original  
"nobody should own this" statement.  As the community has grown this  
year to include participation of larger companies, the desire to make  
this statement a reality from a legal perspective has been quite  
strong.  To achieve this, a group of representatives from the OpenID  
Foundation, AOL, Microsoft, VeriSign, Sun, Symantec, and Yahoo!  
worked to help draft and review a policy and related documents basing  
the work upon similar policies from the IETF, OASIS, W3C, and Liberty  
Alliance.  Today we're asking for review of this work for thirty days  
so that before the end of the year we as a community can adopt the  
policy and release the OpenID Authentication 2.0 specification final  
version under it.

As to the question of "What does this mean to me", there are a few  
  - If you are using/implementing OpenID there is nothing that you  
need to do to be protected by this policy.  All future work will be  
covered by it and the policy includes provisions to retroactively  
apply the non-assertion covenant to OpenID Authentication 1.1, OpenID  
Simple Registration 1.0, and Yadis 1.0.
  - If you have actively contributed to one of the OpenID  
specifications (especially if you have written text for 2.0) we will  
be contacting you proactively over the next month for feedback on the  
policy and asking you to agree to it.  This will thus allow us as a  
community to release the 2.0 specification this year under the policy.
  - Once the policy is adopted, specification work will be broken up  
into "working groups" based upon a topic.  For example Authentication  
and Attribute Exchange will most likely become two working groups  
with each group having its own specs-<foo>@openid.net mailing list.   
This is to allow for IPR promises from the larger companies which may  
not wish to participate in every OpenID community effort.  Before  
posting to one of these working group lists for the first time, you  
will be required to agree to the policy.  This will ensure that all  
formal contributions to the final specifications are covered by the  
policy and the resulting spec does not have any known IPR encumbrances.

As part of this effort, we've also drafted a rationale document to  
help explain some of the "design decisions" the group made.   
Generally I recommend you read that document (it is free from  
legalese) and it can be found at http://openid.net/ipr/ 
OpenID_IPR_Rationale-Circulation_Draft_20070925.pdf.  The policy and  
process documents themselves can be found at http://openid.net/ipr/.   
(I apologize for the PDFs, we'll get these up in HTML format before  
they're final).  If you didn't see your question answered in this  
email, please do look at the rationale document as it hopefully will  
already be answered there.

We've tried to keep the policy and process as simple as possible  
while still giving the needed legal protections and are looking for  
feedback around the process.  One thing to keep in mind is that the  
process is based on consensus (much like the IETF or ASF) and many of  
the clauses only apply in the case that consensus is impossible to  
reach (which is viewed as being quite rare).  There is also still  
some word-smithing which is needed, so anyplace it seems like we  
meant to say the "OpenID Foundation" instead of "OpenID", we probably  
meant to. :)

We realize this is a lot to process, but have tried our best to  
represent the views of a wide range of companies with varying IPR  
positions as well as the values of this community.  We're certainly  
interested in feedback and questions, ideally within the next thirty  
days sent to legal at openid.net.  Differing from many discussions, even  
if all you have to say is "+1" that is valuable feedback so that we  
can know if we're on the right track.  Please also feel free to  
contact me off-list if there are any questions or concerns you have  
that you don't wish to discuss publicly though we certainly encourage  
this discussion to happen on the list.

Thanks again to everyone who has been involved in this work!


More information about the board mailing list