incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Davanum Srinivas <>
Subject Re: TSIK incubation hurdle - Patents!
Date Wed, 22 Jun 2005 19:15:32 GMT
Here's the IBM License for WS-Security:

-- dims

On 6/16/05, Davanum Srinivas <> wrote:
> Hi all,
> Background:
> Apache WSS4J is an implementation of OASIS Web Services Security specification
>   -
> WS-Security was originally developed by IBM, Microsoft and Verisign
>   -
> The IPR statements from various companies are listed here
>   -
> Verisign has offered TSIK for incubation
>   -
> WS-PMC has voted to accept it.
>   -
> Situation:
> As part of the incubation process, we had a call with Hans Granqvist and
> DJ Power from Verisign. DJ is the chief IP person dealing with legal
> issues and Hans is the dev lead who is driving the incubation / donation
> process. David informed us that there are patent concerns w.r.t to
> WS-Security and they are working with Microsoft and IBM on it. I have no
> knowledge of any patents that we are infringing on w.r.t WSS4J and have
> not seen the verisign tsik code either. Anyways, if you see the IPR
> statements on the oasis web site, there is no clue on specific patents
> involved, except for SAML (from RSA-Security). Folks here may remember
> that we killed OpenSAML incubation, specifically because of this reason.
> Anyway back to the current situation, Here's what they are proposing how
> we could go about the incubation process.
> - Verisign can donate code ASAP. They know that it will be in full
>   public view.
> - Verisign would come up with a small text paragraph that we could make
>   part of the build process, our web site etc warning that users should
>   talk to respective companies if they want to use the code.
> - The team working on the code will choose not to make any milestone
>   releases till tsik exits incubation.
> - Verisign will work with IBM and Microsoft and ensure that any releases
>   for TSIK will be under just ASL 2.0 and nothing more.
> - If after a reasonable time, we (Verisign and Apache) can decide to
>   kill the incubation process if there is no movement on the IP front.
> - As part of that process, we can nuke all the TSIK code in our SVN
> Is this acceptable to us? Isn't incubation the place (and process) for
> sorting through these issues?
> Additional Notes: I had to google for 15+ minutes to get this information
> - Microsoft's license is listed here:
> - Hans verified that "Verisign's current license for WS-Security is in
>   their TSIK release, where it is part of an click-thru installshield
>   installer. It is also referenced in the source.".
> - Apparently IBM's license details are not public:
> - I've asked Sam Ruby to ping IBM legal about the license.
> - Had a exploratory short call with Kim Cameron (MSFT) about Infocard
> etc. Mentioned this problem as well. He *may* write up something on
> his blog/site. I need to sync up with BenL (about a follow up call
> with them). Verisign folks are talking to IBM and MSFT as well.
> --
> Davanum Srinivas -

Davanum Srinivas -

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message