[OpenID] a truly OPEN process and policy for OpenID IPR
Hans Granqvist
hans at granqvist.com
Mon Dec 3 09:53:02 UTC 2007
> ...
> Patents (Goal 3 elaboration)
Did IBM handle most (or some) of your outlined cases with the
Common Public License (CPL) <http://opensource.org/licenses/cpl1.0.php>?
Can CPL be used for OpenID at all?
> ...
> Keeping OpenID OPEN (Goal 4 elaboration)
You make some interesting arguments.
I think a comparison with WS-Security (WSS) is proper. WSS is sort of
in the same space as OpenID: securing messages between multiple
parties.
I think everyone agrees WSS is a non-trivial standard with quite complex
dependencies (SOAP and XML signatures/encryption anyone?)
Yet, WSS went thru a major rev in an OASIS committee that had several
dozens of technically and politically savvy corporations in 22 months. I
think OpenID 2.0 is counting 19 now, and that for a much smaller delta
than WSS's rev.
You posit that openness is great and how important it is that OpenID
is open for everyone, but maybe the OpenID spec work is *too open*?
Maybe the openness -- this ability for anyone to join in -- slows down the
progress?
(I also think it's not correct to equate openness for source and openness
for spec work -- it's much easier to verify correctness in code changes
than it is in spec changes, but that's a different email.)
Maybe a specification *needs* to be either developed in-house (like SSL)
or in a standards body -- are there good examples of specs developed
the current 'OpenID way'?
Hans
More information about the general
mailing list