incubator-general mailing list archives

From "Drummond Reed" <>
Subject RE: [PROPOSAL] Heraldry Identity Project
Date Tue, 20 Jun 2006 16:55:07 GMT

I am very familiar with the SAML and OpenSAML problems; on this message I'm
cc'ing Peter Davis of NeuStar who has been helping to try to overcome those
for several years (with some recent progress).

Thankfully Peter and Gabe and others who were founding members of the XRI TC
said, "No way we're going down that road -- any and all XRI specs will be
100% royalty-free and open source-compatible, i.e., not require any

We have stayed true to that. Although XRI Resolution 2.0 does offer both
HTTPS-based resolution and SAML 2.0 signed assertions as trust options, both
are OPTIONAL and not in any way required.

So I can provide you with a very strong assurance on behalf of the OASIS XRI
TC members that the XRI specifications and any code that implements them
will meet the Apache IPR requirements.

My co-chair Gabe Wachob and I have been among a set of OASIS TC chairs that
have been arguing hard for OASIS to adopt a more explicit "open source
compatible" IPR mode, and we would be happy to work with you and ASF to
continue to champion it. But at the same time we don't want that to slow
down any existing OASIS work such as XRI and XDI which has always been 100%
committed to open, royalty-free, open-source compatible specs.

In other words, we don't want our TCs penalized for the sins of other large
OASIS members who may not be as supportive of open source.

Please let us know how else we can assist this effort.

=Drummond (   

-----Original Message-----
From: Davanum Srinivas [] 
Sent: Tuesday, June 20, 2006 6:26 AM
Cc: Drummond Reed;
Subject: Re: [PROPOSAL] Heraldry Identity Project


Here's some background history of things that we have faced.

OpenSAML folks were interested in making OpenSAML an Apache project.
So we did a bit of research and realized that RSA Security has put up
a page asking folks to sign a patent licensing agreement [1]. AFAIK,
SAML is also under "open, public, and royalty-free". Apache could even
sign something with them, BUT for a clause that says that we have to
inform people who use our binaries to go talk to RSA Security. For us,
this was not acceptable. So we ended up not incubating OpenSAML.
Please see the following threads for additional info [2]

We've also had a follow up interaction with MSFT and IBM legal teams
on OASIS WS-Security when we started TSIK incubation. FWIW, Verisign
has an agreement that they give out to people BUT which is not
public. MSFT and IBM ended up saying that they don't have any patents
that affect WS-Security and Verisign was covered using CCLA and
Software Grant.

For us here, we want to make sure that *anyone* can download our stuff
and use it in whichever fashion they want to. Both code and binaries.
Right now OASIS does not have a mechanism to make that happen
(Verisign has a non-public agreement for WS-Security, RSA Security has
clauses that make it impossible for us to do a SAML impl). Both the
old legacy regime and the new IPR regime in OASIS have holes IMHO.

How can we prevent these kinds of situations from happening?



On 6/20/06, Recordon, David <> wrote:
> This has obviously been something we've been looking at in order to do
> our own due diligence on XRI IPR before being willing to contribute the
> Yadis spec to be incorporated into XRI Resolution 2.0.  Drummond Reed
> sent me the following email further explaining this issue and asked me
> to forward it along to the list for him since he had not yet subscribed.
> David,
> As we discussed with you in drafting the proposal, all members of the
> OASIS XRI TC are fully prepared to sign the CCLA and any necessary
> software grants required by the ASF. In fact the OASIS XRI TC is one of
> the few OASIS TCs to have written the requirement into its charter for
> its specifications to be 100% open, public, and royalty-free. Following
> is the exact language from the XRI TC charter at
> > In no event shall this Technical Committee finalize or approve any technical
> > specification if it believes that the use, distribution, or implementation of
> > such specification would necessarily require the unauthorized infringement of
> > any third party rights known to the Technical Committee, and such third party
> > has not agreed to provide necessary license rights on perpetual, royalty-free,
> > non-discriminatory terms.
> As you know, I was personally involved not just in creating the patents
> involved, but in subsequently seeing that they were contributed to a
> non-profit public trust organization,, so that they could become
> open, public, royalty-free standards. Complete details of the
> contribution from to the OASIS XRI TC are on the TC IPR page at:
> The TC has already
> spawned one open source project ( that uses the Apache
> license (and whose code is already incorporated into other open source
> projects).
> I am copying my XRI TC co-chair, Gabe Wachob of Visa International, who
> can further attest to the depth of our commitment that the XRI standards
> would be 100% free and open and compatible with all open source
> implementations.
> Best,
> =Drummond
> -----Original Message-----
> From: Roy T. Fielding []
> Sent: Monday, June 19, 2006 5:19 PM
> To:
> Subject: Re: [PROPOSAL] Heraldry Identity Project
> This space in OASIS is a festering pile of claimed patents.
> Are all of the companies involved willing to sign the CCLA and software
> grants necessary to assure distribution under the Apache License?
> ....Roy
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Davanum Srinivas :
