[legal] a truly OPEN process and policy for OpenID IPR

Dick Hardt dick at sxip.com
Mon Dec 3 06:13:23 UTC 2007


Lists

I just reviewed the OpenID IPR Process and Policy documents. Many  
people have worked hard on this document over a significant period of  
time, and I applaud and respect all the effort that has gone into the  
document. Unfortunately the primary participants have been large  
vendors and there has not been very much involvement from the broader  
OpenID community, and to be frank, I don't think it serves the  
community as well as it could.

My Goals for IPR Process and Policy

1) Ensure that only specifications approved by the OpenID Community  
are labeled as being OpenID specifications.
- preserve the OpenID Brand -- this is pretty straightforward

2) Ensure that the copyright of all OpenID Specifications is owned by  
the OpenID Foundation for the enjoyment of all members of the OpenID  
Community.
- I think this is pretty obvious, and just means we need an agreement
from anyone writing stuff that the Foundation owns the copyright.

3) Ensure that OpenID specifications are not encumbered by patents to  
the best of our ability. (more details below)

4) Ensure that OpenID stays open. That anyone can start a working  
group and create a new OpenID specification. That fresh,  
controversial ideas are welcome.  (more details below)

There may be some other goals, and you might not think all the ones I  
listed are that important. That is ok. This is intended to be a  
dialog. Please read the rest of the email, and then let me know where  
you think I have gone wrong.

Patents (Goal 3 elaboration)
----------------------------------------------------------
There are a number of scenarios to consider when looking to achieve  
goal (3). Here are the ones that I am aware of. I might have missed  
some. Let me know!

A)  Evil_party steers a specification in a direction that evil_party  
has a patent (or has applied for a patent). Once the specification  
has been finalized, implemented and deployed, evil_party says  
"Surprise, pay me some money or stop using it". The solution to this  
is to get all parties involved in the specification to promise they  
won't assert their patent rights.

B) Contributors to a specification decide they would like to  
incorporate some technique or method in a specification. Victim_party  
has a patent (or application) about said technique or method.  
Victim_party does not want to share it with the Community, so there  
needs to be a method for victim_party to opt out of the non-assertion  
promise.
With the knowledge that there is IP that might be infringed, it is  
likely the specification authors will devise a different method of  
achieving their end goal as few parties will want to implement a
specification that might be encumbered.

C) Free_loader_party implements the specifications, and also owns
patents that are infringed on by the specifications. The
free_loader_party sues other implementers and continues to use the
specifications without repercussions because all the other parties
promised not to assert. The Apache 2.0 license foresaw this scenario,
and any implementor that asserts rights to patents loses the
non-assert promise from all other contributors, and they can assert
their rights on the free_loader_party.

D) Patent_troll files patents. Patent_troll does not implement
specifications. Patent_troll sues implementors. Unfortunately there
is no known legal method for removing patent_troll.

Summary: we need ALL members of the community to make non-assertion  
statements. Being part of the community means you will not sue any  
other member of the community for implementing an OpenID  
specification UNLESS you have explicitly stated that you have IP in a  
specification. (this prevents scenario (B))

Keeping OpenID OPEN (Goal 4 elaboration)
----------------------------------------------------------
Other people may not think this is that important of a goal, but  
having had personal experience here, I strongly think it is something  
that we need to address in the creation of our policy.
A short story: I attended 3 IETF meetings to try and start a working
group to solve what OpenID solves. Clearly there was a problem.  
Clearly nothing else was solving what needed to be solved. The inner  
circle either thought the problem was already solved, or had a  
different idea on how to solve it. Clearly there was a need since  
OpenID has generated significant interest and participation. Given  
this experience, I am sensitive to how a standards organization can  
become insular to outsiders. I don't want this to happen in OpenID.  
We must prevent OpenID from being run by an inner circle that places  
significant barriers to new members. Successful open source projects  
work hard at welcoming new members. The ones that don't drift away  
and become less relevant. Let's make sure we keep the "open" in OpenID.

How might OpenID get CLOSED?

I will propose that an organization gets closed when there are
barriers to membership, or when it no longer represents its membership.
By maintaining a low bar for someone to be a member, and for major
decisions to be made by the membership rather than an elite group, I
think OpenID can stay OPEN.

wrt. the OpenID IPR Process and Policy I would propose the following  
major decisions be made by the OpenID Community:

1) approval of working groups.
A group of specifications advisors that can assist any party  
interested in starting a working group to create a charter, scope and  
related documents will simplify the application process and assist in  
creating clear, concise charters -- but let the Community vote if the  
working group should be started.

2) approval of final specifications
Once again the Community is who the specifications are for, and once
again a specifications advisory group can guide the WG towards
creating a specification that is acceptable to the community.

3) changing the IPR policy and process
Any change to the policy and process should be done so that it  
continues to reflect the objectives of the community. The OpenID  
Foundation Board and Specifications Advisors should be able to  
clearly articulate to the Community what needs to change and why, but  
the Community should vote on the change to ensure that it truly is  
what the Community wants.

OpenID Community

So who is the OpenID Community? One simple method of defining that is  
that everyone that is a member of the OpenID Foundation, is a member  
of the community. For people financially challenged, there is a means  
for the board to make individuals members as "invited experts". The  
fees are not prohibitive to anyone that has a vested interest in  
OpenID. I think this enables us to have a clear line on who is in. It  
also mirrors IETF in some ways in that whoever pays fees and shows up  
to IETF meetings is a member of the community.

I know we all want to get the IPR process and policy done, but if we  
don't do it right, we will all be very unhappy in the not too distant  
future.

-- Dick



