incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Davanum Srinivas <>
Subject TSIK incubation hurdle - Patents!
Date Thu, 16 Jun 2005 17:28:19 GMT
Hi all,

Apache WSS4J is an implementation of OASIS Web Services Security specification
WS-Security was originally developed by IBM, Microsoft and Verisign
The IPR statements from various companies are listed here
Verisign has offered TSIK for incubation
WS-PMC has voted to accept it.

As part of the incubation process, we had a call with Hans Granqvist and
DJ Power from Verisign. DJ is the chief IP person dealing with legal 
issues and Hans is the dev lead who is driving the incubation / donation
process. David informed us that there are patent concerns w.r.t to 
WS-Security and they are working with Microsoft and IBM on it. I have no
knowledge of any patents that we are infringing on w.r.t WSS4J and have 
not seen the verisign tsik code either. Anyways, if you see the IPR
statements on the oasis web site, there is no clue on specific patents
involved, except for SAML (from RSA-Security). Folks here may remember 
that we killed OpenSAML incubation, specifically because of this reason.
Anyway back to the current situation, Here's what they are proposing how
we could go about the incubation process.

- Verisign can donate code ASAP. They know that it will be in full 
  public view.
- Verisign would come up with a small text paragraph that we could make
  part of the build process, our web site etc warning that users should
  talk to respective companies if they want to use the code. 
- The team working on the code will choose not to make any milestone 
  releases till tsik exits incubation.  
- Verisign will work with IBM and Microsoft and ensure that any releases
  for TSIK will be under just ASL 2.0 and nothing more.
- If after a reasonable time, we (Verisign and Apache) can decide to 
  kill the incubation process if there is no movement on the IP front.
- As part of that process, we can nuke all the TSIK code in our SVN

Is this acceptable to us? Isn't incubation the place (and process) for
sorting through these issues?

Additional Notes: I had to google for 15+ minutes to get this information
- Microsoft's license is listed here:
- Hans verified that "Verisign's current license for WS-Security is in 
  their TSIK release, where it is part of an click-thru installshield 
  installer. It is also referenced in the source.". 
- Apparently IBM's license details are not public:
- I've asked Sam Ruby to ping IBM legal about the license.
- Had a exploratory short call with Kim Cameron (MSFT) about Infocard
etc. Mentioned this problem as well. He *may* write up something on
his blog/site. I need to sync up with BenL (about a follow up call
with them). Verisign folks are talking to IBM and MSFT as well.

Davanum Srinivas -

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message