[legal] Draft OpenID Intellectual Property Rights Policy for Review
drecordon at sixapart.com
Wed Sep 26 08:35:18 PDT 2007
Since the early summer we've been working to define an intellectual
property rights policy and process for technical OpenID specification
work moving forward. The goal of this work is to truly allow the
community to continue to live up to Brad Fitzpatrick's original
"nobody should own this" statement. As the community has grown this
year to include participation of larger companies, the desire to make
this statement a reality from a legal perspective has been quite
strong. To achieve this, a group of representatives from the OpenID
Foundation, AOL, Microsoft, VeriSign, Sun, Symantec, and Yahoo!
worked to help draft and review a policy and related documents basing
the work upon similar policies from the IETF, OASIS, W3C, and Liberty
Alliance. Today we're asking for review of this work for thirty days
so that before the end of the year we as a community can adopt the
policy and release the OpenID Authentication 2.0 specification final
version under it.
As to the question of "What does this mean to me", there are a few
- If you are using/implementing OpenID there is nothing that you
need to do to be protected by this policy. All future work will be
covered by it and the policy includes provisions to retroactively
apply the non-assertion covenant to OpenID Authentication 1.1, OpenID
Simple Registration 1.0, and Yadis 1.0.
- If you have actively contributed to one of the OpenID
specifications (especially if you have written text for 2.0) we will
be contacting you proactively over the next month for feedback on the
policy and asking you to agree to it. This will thus allow us as a
community to release the 2.0 specification this year under the policy.
- Once the policy is adopted, specification work will be broken up
into "working groups" based upon a topic. For example Authentication
and Attribute Exchange will most likely become two working groups
with each group having its own specs-<foo>@openid.net mailing list.
This is to allow for IPR promises from the larger companies which may
not wish to participate in every OpenID community effort. Before
posting to one of these working group lists for the first time, you
will be required to agree to the policy. This will ensure that all
formal contributions to the final specifications are covered by the
policy and the resulting spec does not have any known IPR encumbrances.
As part of this effort, we've also drafted a rationale document to
help explain some of the "design decisions" the group made.
Generally I recommend you read that document (it is free from
legalese) and it can be found at http://openid.net/ipr/
OpenID_IPR_Rationale-Circulation_Draft_20070925.pdf. The policy and
process documents themselves can be found at http://openid.net/ipr/.
(I apologize for the PDFs, we'll get these up in HTML format before
they're final). If you didn't see your question answered in this
email, please do look at the rationale document as it hopefully will
already be answered there.
We've tried to keep the policy and process as simple as possible
while still giving the needed legal protections and are looking for
feedback around the process. One thing to keep in mind is that the
process is based on consensus (much like the IETF or ASF) and many of
the clauses only apply in the case that consensus is impossible to
reach (which is viewed as being quite rare). There is also still
some word-smithing which is needed, so anyplace it seems like we
meant to say the "OpenID Foundation" instead of "OpenID", we probably
meant to. :)
We realize this is a lot to process, but have tried our best to
represent the views of a wide range of companies with varying IPR
positions as well as the values of this community. We're certainly
interested in feedback and questions, ideally within the next thirty
days sent to legal at openid.net. Differing from many discussions, even
if all you have to say is "+1" that is valuable feedback so that we
can know if we're on the right track. Please also feel free to
contact me off-list if there are any questions or concerns you have
that you don't wish to discuss publicly though we certainly encourage
this discussion to happen on the list.
Thanks again to everyone who has been involved in this work!
More information about the legal