[legal] [OpenID] Draft OpenID Intellectual Property RightsPolicy for Review

Bajaj, Siddharth sbajaj at verisign.com
Fri Oct 26 19:07:07 UTC 2007

Hi David,

The only comment that VeriSign still has open is around the reinstatement of
What is the latest consensus on this issue?


David Recordon wrote:

> Hi all,
> Just wanted to remind everyone that if you have comments, please make
> sure they are received by the 26th which is only a few days away.  So
> far we still seem to be on track to finalize this IPR policy.
> Thanks again,
> --David
> On Sep 26, 2007, at 8:35 AM, David Recordon wrote:
> > Since the early summer we've been working to define an intellectual
> > property rights policy and process for technical OpenID specification
> > work moving forward.  The goal of this work is to truly allow the
> > community to continue to live up to Brad Fitzpatrick's original
> > "nobody should own this" statement.  As the community has grown this
> > year to include participation of larger companies, the desire to make
> > this statement a reality from a legal perspective has been quite
> > strong.  To achieve this, a group of representatives from the OpenID
> > Foundation, AOL, Microsoft, VeriSign, Sun, Symantec, and Yahoo!
> > worked to help draft and review a policy and related documents basing
> > the work upon similar policies from the IETF, OASIS, W3C, and Liberty
> > Alliance.  Today we're asking for review of this work for thirty days
> > so that before the end of the year we as a community can adopt the
> > policy and release the OpenID Authentication 2.0 specification final
> > version under it.
> >
> > As to the question of "What does this mean to me", there are a few
> > answers:
> >   - If you are using/implementing OpenID there is nothing that you
> > need to do to be protected by this policy.  All future work will be
> > covered by it and the policy includes provisions to retroactively
> > apply the non-assertion covenant to OpenID Authentication 1.1, OpenID
> > Simple Registration 1.0, and Yadis 1.0.
> >   - If you have actively contributed to one of the OpenID
> > specifications (especially if you have written text for 2.0) we will
> > be contacting you proactively over the next month for feedback on the
> > policy and asking you to agree to it.  This will thus allow us as a
> > community to release the 2.0 specification this year under the policy.
> >   - Once the policy is adopted, specification work will be broken up
> > into "working groups" based upon a topic.  For example Authentication
> > and Attribute Exchange will most likely become two working groups
> > with each group having its own specs-<foo>@openid.net mailing list.
> > This is to allow for IPR promises from the larger companies which may
> > not wish to participate in every OpenID community effort.  Before
> > posting to one of these working group lists for the first time, you
> > will be required to agree to the policy.  This will ensure that all
> > formal contributions to the final specifications are covered by the
> > policy and the resulting spec does not have any known IPR
> > encumbrances.
> >
> > As part of this effort, we've also drafted a rationale document to
> > help explain some of the "design decisions" the group made.
> > Generally I recommend you read that document (it is free from
> > legalese) and it can be found at http://openid.net/ipr/
> > OpenID_IPR_Rationale-Circulation_Draft_20070925.pdf.  The policy and
> > process documents themselves can be found at http://openid.net/ipr/.
> > (I apologize for the PDFs, we'll get these up in HTML format before
> > they're final).  If you didn't see your question answered in this
> > email, please do look at the rationale document as it hopefully will
> > already be answered there.
> >
> > We've tried to keep the policy and process as simple as possible
> > while still giving the needed legal protections and are looking for
> > feedback around the process.  One thing to keep in mind is that the
> > process is based on consensus (much like the IETF or ASF) and many of
> > the clauses only apply in the case that consensus is impossible to
> > reach (which is viewed as being quite rare).  There is also still
> > some word-smithing which is needed, so anyplace it seems like we
> > meant to say the "OpenID Foundation" instead of "OpenID", we probably
> > meant to. :)
> >
> > We realize this is a lot to process, but have tried our best to
> > represent the views of a wide range of companies with varying IPR
> > positions as well as the values of this community.  We're certainly
> > interested in feedback and questions, ideally within the next thirty
> > days sent to legal at openid.net.  Differing from many discussions, even
> > if all you have to say is "+1" that is valuable feedback so that we
> > can know if we're on the right track.  Please also feel free to
> > contact me off-list if there are any questions or concerns you have
> > that you don't wish to discuss publicly though we certainly encourage
> > this discussion to happen on the list.
> >
> > Thanks again to everyone who has been involved in this work!
> >
> > --David
> >
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
> >
> _______________________________________________
> legal mailing list
> legal at openid.net
> http://openid.net/mailman/listinfo/legal

More information about the legal mailing list