[OpenID] Shade's questions - Privacy for Foundation members

Sun Dec 14 17:37:48 UTC 2008

Fair enough, Eran.

But never forget VeriSign (a central player in the early OpenID movement) was created based on the systematic application of the power of just one patent. The whole of silicon valley was structured to be a market for RSA ciphers and security protocols, but none of those same 3000+ licensees got the ability to make (RSA-signed) certs or be a CA. Certs were put everywhere (ISO,IETF,Web) in standards, meantime - entirely on their own merit (mostly). As the non-US world was RSA patent free, certs were not properly considered proprietary (and in case, you are not forced to use RSA to sign them; which NSA spent a lot of time proving!).

Now, that was all entirely legitimate in my view - as was 100% transparently done (this was condition of my own involvement); and there was real choice as proven by the Java community initially adopting of non RSA certs. Being transparent, the whining level of the chatting classes was VERY VERY high (and the invective highly personal and often humiliating); the whole process exasperated a lot of people. But at least there was nothing hidden!

So, which reality do you prefer: transparent or submarine? Do you want to read the claims, or have some hint=hint that you'd "best" sign a covenant, ...since the party implies it has IP claims that it won't reveal to you, patent applications it won't disclose, and won't even formally disclaim that its own contributions to openid fall within the scope of its current or applied-for claims?

Such is the nature of OpenID and patents. Don't be disingenuous about what's going on!  But don't feel it's a giant conspiracy either: it's just how value is created in G7 service economies, with a lot of middle class salaries to pay.

While there is relative peace in patent land, we can make technical progress, and retain focus on the future buyers needs.

OpenID Community CLEARLY shows it is (somehow, incredibly) capable of holding a consensus in this morass of issues. And that's one reason I back it; as these "other" matters are as critical for adoption as is the engineering.

Now, Who was it who recently called for non-software engineers and protocol designers to join the (community) Board, and round out its portfolio of skills - in assurance, governance, and law?

Whoever it was, I agree with him/her. Members! Just a Few days left to vote!

> -----Original Message-----
> From: Eran Hammer-Lahav [mailto:eran at hueniverse.com]
> Sent: Sunday, December 14, 2008 8:52 AM
> To: Peter Williams; SitG Admin; general at openid.net
> Subject: RE: [OpenID] Shade's questions - Privacy for Foundation
> members
>
> I don't share any of your cynicism regarding standards work. Yes, there
> are many cases where it is driven by nothing more than the desire to
> dominate a market by some players, but there are many (many) examples
> where it was really about advancing the general state of technology.
>
> > From: Peter Williams [mailto:pwilliams at rapattoni.com]
> > Sent: Sunday, December 14, 2008 6:10 AM
> >
> > I cannot join (and happily give my $100) because of the IP rules (on
> > members no less, vs IP contributors). So I do it indirectly but
> within
> > the rules here, arguably in a useful manner.
>
> First, it is $25. Second, what specific IP rules prevent you from
> joining? My personal issues with the OpenID foundation IPR policy are
> that it doesn't secure more rights for the community, which means it
> will take more power away from those who participate in creating
> specifications. But it sounds like you feel the current policy has
> already gone too far. I would be interested to learn what exactly is
> your issue (please quote specific language from the IPR policy).
>
> EHL