[OpenID] On the OpenID trademark

Johannes Ernst jernst+openid.net at netmesh.us
Wed Apr 4 05:25:42 UTC 2007 

As you may recall, when the convergence movement around the OpenID  
term started last summer, it became clear that the term "OpenID"  
needed to be protected as a trademark, otherwise it would become  
meaningless over time. At the time, the OpenID Foundation did not  
exist, nor did we have any real infrastructure in the community to  
address IP issues like it. So I volunteered to use my company to take  
steps to protect it and filed for a registration. The good news is  
that the trademark registration was granted in the past few days.  
Which means that as a community all interested in the mark, we now  
need to define how we want to deal with the rights and obligations  
that a trademark poses.

To re-iterate one more time, it is my and my company's intention to  
transfer all rights in the OpenID mark to the OpenID Foundation as  
soon as it is properly set up and an appropriate IP policy and  
governance has been put together (part of which is the trademark  
policy); in the meantime, rest assured we have no evil intentions and  
want to conduct ourselves in the spirit of this community, which is  
constructive cooperation. (I keep getting messages "how much are you  
going to charge me for the use of the mark" -- no! That's not the  
goal here! ;-))

My goal with this message is to align what we need to do as the  
current legal owner of the trademark and the needs and thoughts of  
the larger community.

The point of the OpenID trademark is, of course, to communicate to  
users that a particular product (e.g. a website) can be used in a  
particular way (e.g. you can authenticate using OpenID). So we want  
to encourage people to use the trademark to communicate that to their  
users because that's what it is for. Conversely, people should be  
prevented from using the trademark if that promise to the user is not  
met (e.g. you need your social security number to log in and it  
chokes on URLs, or a piece of "OpenID-enabled" software a user might  
buy has no identity concept whatsoever).

The important part is that under my understanding of trademark law  
(and I'm clearly not a lawyer), we need to be very clear about what  
is a permissible use of the mark, and what isn't. And if somebody  
uses the mark in a different manner, we need to police the mark (e.g.  
send cease-and-desist letters), otherwise the mark becomes "generic",  
which means anybody can use it for anything, which defeats the  
purpose of the common term in the first place. (OpenID ketchup or  
spark plugs anybody?)

If you have been following the board meeting minutes, you probably  
saw that we have consensus on the Foundation Board, see http:// 
openid.net/wiki/index.php/OpenID_Foundation/Board/Minutes/ 
2007-03-15#Trademarks

So until somebody convinces me of something else, my thoughts are as  
follows:

1. we need to define the requirements that a product must meet before  
it is allowed to use the OpenID trademark, such as the specifications  
that it needs to conform to
2. we need to define a process by which the requirements evolve over  
time (e.g. old specs are obsoleted or evolved, new specs are added etc.)
3. we need to do this in a manner that is as inclusive as possible  
(so nobody can hi-jack the process and bend it to favor one party  
over another), while being effective and fast (important for  
trademark enforcement.)

Note that this discussion is largely independent of compliance /  
conformance / certification etc. (If there was a dispute on whether X  
indeed implements protocol Y, we will have to decide how to tell, but  
this discussion can wait a bit longer.)

As the current trademark owner, we have to have a policy, which  
currently is:

Re 1. Product must support either the consumer or server side, or  
both, of
  - http://openid.net/specs/specs-1.0.bml, or
  - http://openid.net/specs/specs-1.1.bml, or
  - both
This confirms current practice (the many OpenID implementations out  
there), which is all we are trying to do at this point.

Re 2 and re 3. What I'm trying to get to starting with this message ;-)

So far so good? Does this sound reasonable?

I'm particularly interested in your input on #2 and #3 above. Should  
we have some kind of "trademark policy committee" appointed by the  
community? Chartered by the foundation board? Majority vote?  
Unanimity? Implementors favored over users in terms of voting? Users  
over implementors? ...?

Your thoughts very welcome ...

Cheers,





Johannes Ernst
NetMesh Inc.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid-relying-party-authenticated.gif
Type: image/gif
Size: 903 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070403/0bd8d41e/attachment-0004.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070403/0bd8d41e/attachment-0005.gif>
-------------- next part --------------
  http://netmesh.info/jernst

More information about the general mailing list