<br><br><div class="gmail_quote">On 23 July 2010 23:27, David Recordon <span dir="ltr"><<a href="mailto:recordond@gmail.com">recordond@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Inline...<br><br><div class="gmail_quote"><div class="im">On Fri, Jul 23, 2010 at 12:33 PM, Nathan <span dir="ltr"><<a href="mailto:nathan@webr3.org" target="_blank">nathan@webr3.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
To summarise then (with regards OpenID/OIDF specifications):<br>
<br>
All contributors have signed patent non assert agreements<br></blockquote><div><br></div></div><div>Yes.</div><div class="im"><div> </div><div><br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
The signed agreements can (not) be found here <a href="http://openid.net/ipr/" target="_blank">http://openid.net/ipr/</a></blockquote><div><br></div></div><div>This directory listing works again. It contains the non-asserts for OpenID 2.0 from those contributors. It doesn't look like the contribution agreements from PAPE are currently listed online, but every contributor signed one (and they should be put online).</div>
<div class="im">
<div> </div><div><br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">No patents from contributors covering OpenID specifications are disclosed.<br>
<br>
The non assert agreements protect contributors from each other (to an extent), they do not protect implementers.<br></blockquote><div><br></div></div><div>Incorrect. The non-asserts cover implementors as well.</div><div class="im">
<div> </div>
<div><br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">As far as you know the OpenID specs are not patent encumbered, but you advise implementers to assess the legal situation with their legal counsel before writing a line of code, and if worried to go and license the relevant patent(s) or get patent non asserts.<br>
</blockquote><div><br></div></div><div>As is true for implementing any specification you find on the web.</div><div class="im"><div> </div><div><br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
The patent(s) may cover parts of other existing or future protocol specifications from non associated third parties, and of course the implementations of those.<br>
<br>
The copyright on OpenID specifications means they cannot be released under CC-zero licenses (or similar), the licenses which are compatible are unknown, Janrain has opted for Apache V2 but may still be infringing on patents (as all implementations may be).<br>
</blockquote><div><br></div></div><div>These issues are orthogonal. The contribution agreements include a copyright license which allows the Foundation to distribute the specifications. We did not choose to adopt a CC license as the included copyright license can be shorter.</div>
<div><br></div><div>Implementations, such as JanRain, can choose their own licensing terms for their implementations. This is completely separate from the licensing of the specifications.</div><div class="im"><div><br></div>
<div><br></div>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">The 'OIDF hereby disclaims any responsibility for identifying the existence, or for evaluating the applicability, of any patents, patent applications, or other rights (including copyrights) claimed to be applicable to any Specification and will take no position on the validity or scope of any such rights.'<br>
<br>
The general advice is that because of the legal costs of a patent infringement case it's likely that anybody implementing will be infringing patents (if there are any, but they aren't disclosed) but they most likely won't be sued because of the costs involved.<br>
<br>
So, do I take it that I should just get on and implement the specifications, go for a license which keeps all rights reserved to the OIDF and hope for the best; ignore the patent matter, and if manages to get a business to the value where patent infringements would be worth going after seek legal counsel and worry about it then.<br>
</blockquote><div><br></div></div><div>I'm not a lawyer, can't give you legal advice, and don't understand your business. That said, hundreds of people and companies have implemented OpenID around the world.</div>
</div></blockquote><div><br>I think the story here is that, "the glass is 99% full". Having followed this for quite some time, I think it's nothing short of remarkable the achievement made by the members in advocating an open web. I remember in the days of passport something like OpenID just seemed unimaginable.<br>
<br>However, so great has the momentum of this movement been, that I think the conversation has shifted, in as little as two years, I would say "Open" has gone from being the exception to being the norm. This is a trend that seems to be accelerating, if anything.<br>
<br>I would argue that from a business point of view, in the current environment the intangible value to a business of the very remote chance of using patents should be weighed against the very real risk that an (even slightly) restrictive license could be viewed negatively. <br>
<br>I think the classic case in point is the evolution of the web itself. In the early 90s gopher was the predominant protocol. It was TimBL persuading CERN to license it royalty free vs gopher's fear of being a restrictive license that was the clincher in evolution of both systems. (Even though gopher got it right in the end, but also too late!) [1]<br>
<br>Personally I don't mind too much which choice is taken, as I have a wealth of options to implement. But OpenID is a tech I like, one I'd want to promote and implement, and also see grow in success.<br><br>I'm not an OIDF member, but would now be a reasonable time to suggest, it may be in everyone's interests to consider a royalty free license?<br>
<br>[1] In February 1993, the <a href="http://en.wikipedia.org/wiki/University_of_Minnesota" title="University of Minnesota">University of Minnesota</a> announced that it would charge licensing fees for the use of its implementation of the Gopher server.<sup id="cite_ref-2" class="reference"><a href="http://en.wikipedia.org/wiki/Gopher_%28protocol%29#cite_note-2"><span>[</span>3<span>]</span></a></sup> As a consequence of this, some users were concerned that a licensing fee would also be charged for independent implementations.<sup id="cite_ref-3" class="reference"><a href="http://en.wikipedia.org/wiki/Gopher_%28protocol%29#cite_note-3"><span>[</span>4<span>]</span></a></sup><sup id="cite_ref-4" class="reference"><a href="http://en.wikipedia.org/wiki/Gopher_%28protocol%29#cite_note-4"><span>[</span>5<span>]</span></a></sup>
In contrast, no such limitation has ever been imposed on the World Wide
Web. The University of Minnesota later re-licensed its Gopher software
under the <a href="http://en.wikipedia.org/wiki/GNU_GPL" title="GNU GPL" class="mw-redirect">GNU GPL</a>.<sup id="cite_ref-5" class="reference"><a href="http://en.wikipedia.org/wiki/Gopher_%28protocol%29#cite_note-5"><span>[</span>6<span>]</span></a><br>
<br><a href="http://en.wikipedia.org/wiki/Gopher_%28protocol%29">http://en.wikipedia.org/wiki/Gopher_%28protocol%29</a><br><br></sup> </div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="gmail_quote"><div><div></div><div class="h5"><div>
<br></div><div><br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Am I correct?<br>
<br>
Best,<br><font color="#888888">
<br>
Nathan</font><div><div></div><div><br>
<br>
Chris Messina wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
On Wed, Jul 21, 2010 at 6:48 PM, Nathan <<a href="mailto:nathan@webr3.org" target="_blank">nathan@webr3.org</a>> wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Essentially the non-asserts are about protecting the creators of the<br>
technology, and less about protecting the implementors. It's up to each<br>
implementor to assess the legal situation with their own counsel (if it's<br>
important to them) before writing a line of code. The contributors<br>
obviously<br>
can't do that for you, they can only assess their own legal situation and<br>
act according to their interests.<br>
<br>
</blockquote>
well I can't afford to do that, nor do I have the time so doesn't really<br>
leave me much choice I guess :(<br>
</blockquote>
<br>
<br>
Most people can't afford this (including me, personally) and implement<br>
anyway.<br>
<br>
It's up to you, as I said, to determine your risk and proceed accordingly.<br>
<br>
If you can't or won't implement OpenID because you're concerned about being<br>
sued for patent infringement, consider how much patent litigation costs and<br>
then weigh that against the likelihood that anyone would really go after<br>
anyone worth less than 10s of millions of dollars for patent infringement.<br>
<br>
Hell, if anyone is really worried about your implementation, you can always<br>
go license the relevant patent(s).<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Not today. Depends on the copyright license that applies. The default is<br>
all<br>
rights reserved, so until we specify otherwise, that's the doctrine that<br>
applies.<br>
<br>
</blockquote>
okay, assuming that Apache License V2.0 is compatible given that janrain<br>
openid implementations are released under it, any word on CC<br>
Attribution-ShareAlike (for an implementation).<br>
<br>
</blockquote>
<br>
Copyright license on code is separate from patent licenses. Janrain<br>
libraries could still infringe patents, but you could at least create<br>
derivative works or fork the libraries thanks to the copyright license.<br>
<br>
Just remember to keep those issues separate.<br>
<br>
Chris<br>
<br>
<br>
</blockquote>
<br>
</div></div></blockquote></div></div></div><br>
</blockquote></div><br>