incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Cantor <>
Subject RE: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of Web Services )
Date Fri, 21 Feb 2003 15:36:17 GMT
> On my part this is -1 on these types of terms in general.  
> These terms basically make Apache a free development
> subsidiary of RSA which is just not good.

I'm not sure I follow this line of reasoning. The license language that they are supposedly
writing does not connote any such thing.
It says if you want their SAML patent rights for free, you give them your SAML patent rights.
It doesn't promise code (which is
hardly an issue for Apache which already lets them use the code), and it doesn't offer other

Do these terms make Sun a subsidiary of RSA? They have a SAML product out now.

The danger is in the lockdown that occurs if they changed the license such that the terms
were no longer acceptable, not in the
initial terms.

The terms aren't done, but this is a moot discussion until they are...I would not advise the
PMC to even take a final vote until the
terms are public.

> This is not specific to 
> OpenSAML.  I look forward to a web services security standard which is
> not tied to proprietary licensing.

Then I fear Apache or someone else would need to create one, unfortunately. Neither OASIS
nor the W3C appear to be headed in such a
direction, and as others noted, it's impossible to know for certain that you will be free
and clear anywhere unless you're prepared
to fight patents in court.

> Is it possible to change the standard as not to infringe on 
> these patents?

If somebody can actually figure out exactly what parts of SAML are covered, then a factoring
of the code might be possible. I'm not
particularly inclined to such a direction myself, and I haven't the faintest idea how to read
patents, in most cases.

I don't see the standard itself addressing this, no.

-- Scott

View raw message