[OpenID board] Draft OpenID Intellectual Property Rights Policy forReview

Drummond Reed drummond.reed at cordance.net
Wed Sep 26 17:35:44 UTC 2007


First I want to say to you, Bill Washburn, the other OpenID Foundation board
members, and others in the community who worked with you on this: nice job.
I know it's been a huge amount of work, but it's worth it in every way.

Second: I agree you needed to send this message to both legal and general,
but it would be great if we could agree to use one list for the feedback

How about general, since feedback is a topic for the whole community? (I'm
cc'ing legal on this message just so they know to use general.)


> -----Original Message-----
> From: board-bounces at openid.net [mailto:board-bounces at openid.net] On Behalf
> Of David Recordon
> Sent: Wednesday, September 26, 2007 8:35 AM
> To: legal at openid.net
> Cc: general at openid.net
> Subject: [OpenID board] Draft OpenID Intellectual Property Rights Policy
> forReview
> Since the early summer we've been working to define an intellectual
> property rights policy and process for technical OpenID specification
> work moving forward.  The goal of this work is to truly allow the
> community to continue to live up to Brad Fitzpatrick's original
> "nobody should own this" statement.  As the community has grown this
> year to include participation of larger companies, the desire to make
> this statement a reality from a legal perspective has been quite
> strong.  To achieve this, a group of representatives from the OpenID
> Foundation, AOL, Microsoft, VeriSign, Sun, Symantec, and Yahoo!
> worked to help draft and review a policy and related documents basing
> the work upon similar policies from the IETF, OASIS, W3C, and Liberty
> Alliance.  Today we're asking for review of this work for thirty days
> so that before the end of the year we as a community can adopt the
> policy and release the OpenID Authentication 2.0 specification final
> version under it.
> As to the question of "What does this mean to me", there are a few
> answers:
>   - If you are using/implementing OpenID there is nothing that you
> need to do to be protected by this policy.  All future work will be
> covered by it and the policy includes provisions to retroactively
> apply the non-assertion covenant to OpenID Authentication 1.1, OpenID
> Simple Registration 1.0, and Yadis 1.0.
>   - If you have actively contributed to one of the OpenID
> specifications (especially if you have written text for 2.0) we will
> be contacting you proactively over the next month for feedback on the
> policy and asking you to agree to it.  This will thus allow us as a
> community to release the 2.0 specification this year under the policy.
>   - Once the policy is adopted, specification work will be broken up
> into "working groups" based upon a topic.  For example Authentication
> and Attribute Exchange will most likely become two working groups
> with each group having its own specs-<foo>@openid.net mailing list.
> This is to allow for IPR promises from the larger companies which may
> not wish to participate in every OpenID community effort.  Before
> posting to one of these working group lists for the first time, you
> will be required to agree to the policy.  This will ensure that all
> formal contributions to the final specifications are covered by the
> policy and the resulting spec does not have any known IPR encumbrances.
> As part of this effort, we've also drafted a rationale document to
> help explain some of the "design decisions" the group made.
> Generally I recommend you read that document (it is free from
> legalese) and it can be found at http://openid.net/ipr/
> OpenID_IPR_Rationale-Circulation_Draft_20070925.pdf.  The policy and
> process documents themselves can be found at http://openid.net/ipr/.
> (I apologize for the PDFs, we'll get these up in HTML format before
> they're final).  If you didn't see your question answered in this
> email, please do look at the rationale document as it hopefully will
> already be answered there.
> We've tried to keep the policy and process as simple as possible
> while still giving the needed legal protections and are looking for
> feedback around the process.  One thing to keep in mind is that the
> process is based on consensus (much like the IETF or ASF) and many of
> the clauses only apply in the case that consensus is impossible to
> reach (which is viewed as being quite rare).  There is also still
> some word-smithing which is needed, so anyplace it seems like we
> meant to say the "OpenID Foundation" instead of "OpenID", we probably
> meant to. :)
> We realize this is a lot to process, but have tried our best to
> represent the views of a wide range of companies with varying IPR
> positions as well as the values of this community.  We're certainly
> interested in feedback and questions, ideally within the next thirty
> days sent to legal at openid.net.  Differing from many discussions, even
> if all you have to say is "+1" that is valuable feedback so that we
> can know if we're on the right track.  Please also feel free to
> contact me off-list if there are any questions or concerns you have
> that you don't wish to discuss publicly though we certainly encourage
> this discussion to happen on the list.
> Thanks again to everyone who has been involved in this work!
> --David
> _______________________________________________
> board mailing list
> board at openid.net
> http://openid.net/mailman/listinfo/board

More information about the board mailing list