[legal] a truly OPEN process and policy for OpenID IPR
Dick Hardt
dick at sxip.com
Mon Dec 3 06:13:23 UTC 2007
I just reviewed the OpenID IPR Process and Policy documents. Many
people have worked hard on this document over a significant period of
time, and I applaud and respect all the effort that has gone into the
document. Unfortunately the primary participants have been large
vendors and there has not been very much involvement from the broader
OpenID community, and to be frank, I don't think it serves the
community as well as it could.
My Goals for IPR Process and Policy
1) Ensure that only specifications approved by the OpenID Community
are labeled as being OpenID specifications.
- preserve the OpenID Brand -- this is pretty straightforward
2) Ensure that the copyright of all OpenID Specifications is owned by
the OpenID Foundation for the enjoyment of all members of the OpenID
Community.
- I think this is pretty obvious, and just means we need an agreement
from anyone writing stuff that the Foundation owns the copyright.
3) Ensure that OpenID specifications are not encumbered by patents to
the best of our ability. (more details below)
4) Ensure that OpenID stays open. That anyone can start a working
group and create a new OpenID specification. That fresh,
controversial ideas are welcome. (more details below)
There may be some other goals, and you might not think all the ones I
listed are that important. That is ok. This is intended to be a
dialog. Please read the rest of the email, and then let me know where
you think I have gone wrong.
Patents (Goal 3 elaboration)
----------------------------------------------------------
There are a number of scenarios to consider when looking to achieve
goal (3). Here are the ones that I am aware of. I might have missed
some. Let me know!
A) Evil_party steers a specification in a direction that evil_party
has a patent (or has applied for a patent). Once the specification
has been finalized, implemented and deployed, evil_party says
"Surprise, pay me some money or stop using it". The solution to this
is to get all parties involved in the specification to promise they
won't assert their patent rights.
B) Contributors to a specification decide they would like to
incorporate some technique or method in a specification. Victim_party
has a patent (or application) about said technique or method.
Victim_party does not want to share it with the Community, so there
needs to be a method for victim_party to opt out of the non-assertion
promise.
With the knowledge that there is IP that might be infringed, it is
likely the specification authors will devise a different method of
achieving their end goal as few parties will want to implement a
specification that might be encumbered.
C) Free_loader_party implements the specifications, and also owns
patents that are infringed on by the specifications. The
free_loader_party sues other implementers and continues to use the
specifications without repercussions because all the other parties
promised not to assert. The Apache 2.0 license foresaw this scenario,
and any implementor that asserts rights to patents, loses the
non-assert promise from all other contributors and they can assert
their rights on the free_loader_party.
D) Patent_troll files patents. Patent_troll does not implement
specifications. Patent_troll sues implementors. Unfortunately there
is no known legal method for removing patent_troll.
Summary: we need ALL members of the community to make non-assertion
statements. Being part of the community means you will not sue any
other member of the community for implementing an OpenID
specification UNLESS you have explicitly stated that you have IP in a
specification. (this prevents scenario (B))
Keeping OpenID OPEN (Goal 4 elaboration)
----------------------------------------------------------
Other people may not think this is that important of a goal, but
having had personal experience here, I strongly think it is something
that we need to address in the creation of our policy.
A short story: I attended 3 IETF meetings to try and start a working
group to solve what OpenID solves. Clearly there was a problem.
Clearly nothing else was solving what needed to be solved. The inner
circle either thought the problem was already solved, or had a
different idea on how to solve it. Clearly there was a need since
OpenID has generated significant interest and participation. Given
this experience, I am sensitive to how a standards organization can
become insular to outsiders. I don't want this to happen in OpenID.
We must prevent OpenID from being run by an inner circle that places
significant barriers to new members. Successful open source projects
work hard at welcoming new members. The ones that don't drift away
and become less relevant. Let's make sure we keep the "open" in OpenID.
How might OpenID get CLOSED?
I will propose that an organization gets closed when there are
barriers to membership, or when it no longer represents its membership.
By maintaining a low bar for someone to be a member, and for major
decisions to be made by the membership rather than an elite group, I
think OpenID can stay OPEN.
wrt. the OpenID IPR Process and Policy I would propose the following
major decisions be made by the OpenID Community:
1) approval of working groups.
A group of specifications advisors that can assist any party
interested in starting a working group to create a charter, scope and
related documents will simplify the application process and assist in
creating clear, concise charters -- but let the Community vote if the
working group should be started
2) approval of final specifications
once again the Community is who the specifications are for, and once
again a specifications advisory group can guide the WG towards
creating a specification that is acceptable to the community
3) changing the IPR policy and process
Any change to the policy and process should be done so that it
continues to reflect the objectives of the community. The OpenID
Foundation Board and Specifications Advisors should be able to
clearly articulate to the Community what needs to change and why, but
the Community should vote on the change to ensure that it truly is
what the Community wants.
OpenID Community
So who is the OpenID Community? One simple method of defining that is
that everyone that is a member of the OpenID Foundation, is a member
of the community. For people financially challenged, there is a means
for the board to make individuals members as "invited experts". The
fees are not prohibitive to anyone that has a vested interest in
OpenID. I think this enables us to have a clear line on who is in. It
also mirrors IETF in some ways in that whoever pays fees and shows up
to IETF meetings is a member of the community.
I know we all want to get the IPR process and policy done, but if we
don't do it right, we will all be very unhappy in the not too distant
future.
-- Dick