[OpenID] IPR claims over OpenID 1.1

[Peter Williams]

Can any point to me threads of email where IPR claims, half-claims, intimations of claims, gossip about claims, talk about claims or other communications addressing any and all issues about possible legal encumbrances on OpenID 1.1 are discussed, please?

One thing is typical of true open source communities: they typically object to any and all encumbrances of software, they discuss the nature of such extensively on public threads, and the underlying legal claims being intimated or actually made by certain parties are generally well discussed for the public to read about. Absence of display or those community norms would represent a suspicious signal, in and of itself.

I'm going to predict that Microsoft legal and Microsoft Passport service is going to play a very interesting legalistic role here, since Passport been designed and operational for so long, uses the flow pattern of what SAML folk would call sp-initiated webSSO, and really only differs from OpenID 1.1 flow pattern (and SAML sp-initiated SSO patterns) on the issue of whether assertion makers shall be centralized or de-centralized. I remember writing a consultancy/design papers for Microsoft's DRM group a long time ago - design options for linking up DRM initiatives with their Passport initiative as well as their signed driver initiative. It really will be interesting to see how this all plays out - not trust is a marketable internet commodity.

Speaking as a (simple) potential buyer of OpenID systems software or services, however, when contrasting SAML vs. OpenID I already have taken note that its going to be critical that the IPR claims/covenants/litigation history in the SAML world and the OpenID world are fully and properly contrasted. From my middle phase investigation work on SAML, SAML seems to have settled down nicely, into a "settled claim" position. From my early phase investigation work into OpenID, OpenID seems in contrast to be starting out on the phase of a patent wars, associated FUD campaigns expressed in behaviors such as offering developer covenants, and the usual 2-3 year period of various forms of legal fencing. 

This pattern of legalistic behavior by various dominant parties in the OpenID community may well advocate that savvy buyers of OpenID-enabled systems wait before deciding upon actual OpenID adoption - until the dust settles in a few years. At the same, technologies that mega-corporations and investment groups start fighting over early may well have that which it takes -- to have major social impact. And that currently aligns with my technical judgment on the technological opportunities that OpenID offers, as a lightweight version of what the SAML world already offers B2C environments.