OpenSAML (was RE: Incubator DOA)

[Scott Cantor <ca...@osu.edu>]

> It seemed to me that OpenSAML had issues best addressed by the board 
> with some advice and consent by the members.  The division of
> responsibility should be clarified here.  One board member did respond.
> The proponent seemed to argue the point without addressing the issue, and
> I think it was mostly dropped.

I'm not sure if the "proponent" you're referring to is the author (me), or the person who solicited us to submit the project to the
new WS PMC.

In any case, I certainly agree with your first statement about it being a board-level issue.

I certainly disagree that I didn't address the issue. Your issue was that you didn't believe the RSA license (that may never get
released, the way things are going ;-) would be royalty-free, which simply disregards the history of the discussion with RSA that
you weren't part of. It will be, whether you believe it or not. Debating that is a waste of our time, since neither of us controls
the terms.

*My* issue is that it still remains a license that developers would have to get, and there's no guarantee that the license will be
royalty free forever, though I rather think it will. I agree, that's a concern, and it may be that Apache simply can't accept such
any such terms. That's fine too.

I remain of the opinion that if the patent itself is the real issue, then you might as well vote now on that basis. If the terms of
the license that they release sometime in the hopefully near future are the issue, then I think it's simply wise to defer the
discussion until that time.

In any case, I haven't dropped it. If you want to vote it down, then do so, and we'll get on with life. Last I heard, the Apache
representative who approached me had sent a note off to RSA expressing concern over the issue, and was awaiting a response.

Sorry to interrupt, please resume your flaming as necessary.

-- Scott

Re: OpenSAML (was RE: Incubator DOA)

["Andrew C. Oliver" <ac...@apache.org>]

Dirk-Willem van Gulik wrote:

>Folks,
>
>Could you toss the board a bone here - i.e. reach consensus what *we* as
>developers (all of us :-) feel are acceptable boundaries for working on
>that code.
>  
>
Yes.

>Then the board will help define what the ASF deems acceptable, and work
>with you to convey this to RSA and/or negotiate the right sort of legal
>paperwork with RSA.
>  
>
Okay.

>Some thoughds:
>
>-	Zero Royalty versus (perpetual) Royalty Free ? Or a perpatual
>	license with Zero Royalty today.
>  
>
Yes we want RSA to sign that they give a Royalty Free, perpetual license 
to use this patent inside of the propose OpenSAML project. 

>-	Does it affect just ASF Developers or also the End-Users or people
>	who download our code ?
>  
>
End users should not be required to acquire a seperate license from RSA 
in order to use OpenSAML for any purpose including embedding it in 
security products.

>-	Does it affect individual developers or can the ASF act as an
>	effective umbrella for all its committers ?
>  
>
Developers should not be required to acquire a license in order to work 
on the OpenSAML project. 

Thoughts?

-Andy

RE: OpenSAML (was RE: Incubator DOA)

[Davanum Srinivas <di...@yahoo.com>]

Dirk,

The WS-PMC wants to build new Apache WS projects on SAML....Here's the VOTE RESULTS that i sent to
this mailing list. (http://marc.theaimsgroup.com/?l=incubator-general&m=104549544123838&w=2)

Thanks,
dims

--- Dirk-Willem van Gulik <di...@webweaving.org> wrote:
> 
> 
> On Thu, 13 Mar 2003, Scott Cantor wrote:
> 
> > In any case, my thoughts notwithstanding, it's obviously something that
> > the people interested in building new Apache WS projects on SAML should
> > decide.
> 
> Aye - and the board@ is unlikely to do anything significant until at least
> that group has reached some sort of consensus :-)
> 
> Dw
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
> 


=====
Davanum Srinivas - http://webservices.apache.org/~dims/

__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com

RE: OpenSAML (was RE: Incubator DOA)

[Dirk-Willem van Gulik <di...@webweaving.org>]

On Thu, 13 Mar 2003, Scott Cantor wrote:

> In any case, my thoughts notwithstanding, it's obviously something that
> the people interested in building new Apache WS projects on SAML should
> decide.

Aye - and the board@ is unlikely to do anything significant until at least
that group has reached some sort of consensus :-)

Dw

RE: OpenSAML (was RE: Incubator DOA)

[Scott Cantor <ca...@osu.edu>]

> Some thoughts:
> 
> -	Zero Royalty versus (perpetual) Royalty Free ? Or a perpatual
> 	license with Zero Royalty today.

I think a perpetual license is a big issue, because otherwise people have to assume the rug could be yanked from under them. I know
that's my biggest concern, personally. Speaking just as an employee and not a developer, I know that the spectre of a change in the
terms would bother my company a lot more than a token licensing fee.

> -	Does it affect just ASF Developers or also the End-Users or people
> 	who download our code ?

I think the fax-back requirement on end-users/developers who download the library sucks, no doubt about it. It would be nice to
achieve the détente that Roy mentioned, which presumes acceptance of the terms.

> -	Does it affect individual developers or can the ASF act as an
> 	effective umbrella for all its committers ?

In light of the language there, and the fact that the code that those devlopers commit is donated to the ASF, I would guess that
this is pretty much the spirit of what's there now.

In any case, my thoughts notwithstanding, it's obviously something that the people interested in building new Apache WS projects on
SAML should decide.

-- Scott

Re: OpenSAML (was RE: Incubator DOA)

[Dirk-Willem van Gulik <di...@webweaving.org>]

On Thu, 13 Mar 2003, Andrew C. Oliver wrote:

> I object to this.  And it did not say WILL be royalty-free it said
..
> I object to that as well.
..
> I would like to petition the board for such a statement.

Folks,

Could you toss the board a bone here - i.e. reach consensus what *we* as
developers (all of us :-) feel are acceptable boundaries for working on
that code.

Then the board will help define what the ASF deems acceptable, and work
with you to convey this to RSA and/or negotiate the right sort of legal
paperwork with RSA.

Some thoughds:

-	Zero Royalty versus (perpetual) Royalty Free ? Or a perpatual
	license with Zero Royalty today.

-	Does it affect just ASF Developers or also the End-Users or people
	who download our code ?

-	Does it affect individual developers or can the ASF act as an
	effective umbrella for all its committers ?

Obviously - the spirit of the ASF license are our main guideline; we'd
like our code to be as unencumbered for others to work on. But at the same
time we have the frameworks to work with people like SUN or RSA if needed
to ensure that things like the nessesary patent licenses are obtained.

Dw

Re: OpenSAML (was RE: Incubator DOA)

["Andrew C. Oliver" <ac...@apache.org>]

Scott Cantor wrote:

>>There is the one I don't believe.  By their statement it did not say 
>>that developers using the software would have to obtain a seperate 
>>license that they "INTEND" to be free, then on the next line it kind of 
>>contradicted that.  IANAL but I see this as WAY more threatening than 
>>LGPL section 6. .  So I would expect the board to treat this 
>>as needing to be crystal clear.
>>    
>>
>
>Certainly, but I still don't know what you're reading into this. Let me try this one more time. The rule as it's currently going to
>be defined will be:
>
>Anybody downloading the code will have to obtain a royalty-free license from RSA to use it, separate from whatever other license
>applies (i.e. the ASL). Period. Unless the ASF talks them into changing their mind, that's the story. No ambiguity intended.
>  
>
I object to this.  And it did not say WILL be royalty-free it said 
INTEND and there is a special mention for those who might write 
security-base products.

>Will it be royalty-free forever and ever? No idea. But whatever you're reading into the statement they posted, I can clearly
>communicate that the above is exactly what we've been told in plain English.
>  
>
I object to that as well.

>If that's a deal-breaker for the board, then I'm simply suggesting that that be made clear so that the principals can either drop
>the proposal or tell RSA that it's a problem. The latter has been done informally, but obviously there's a stronger case to be made
>to them if we can say "change it or the standard isn't going to be accepted".
>  
>
I would like to petition the board for such a statement.


>
>Unlike RSA's intent, the above is not clear to me. I have no idea whether a requirement to fax RSA a signed document constitutes a
>"hindrance". If what you mean is that there are no other terms in play other than the ASL, then this is asked and answered, I think.
>Right now, the answer is no, the ASL is only the code license. Right to use a SAML library (as opposed to a product) requires direct
>permission from RSA at no cost.
>  
>
This is not clear to me. 

-Andy

>  
>
>>I do not think my concerns are petty and irrelevant as you seem to.
>>    
>>
>
>I'd ask that you please don't put words in my mouth. Your concerns are unclear to me. If they were petty and irrelevant, I wouldn't
>be wasting my precious time responding to them.
>
>-- Scott
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>For additional commands, e-mail: general-help@incubator.apache.org
>
>
>  
>

Re: OpenSAML (was RE: Incubator DOA)

["Roy T. Fielding" <fi...@apache.org>]

> Anybody downloading the code will have to obtain a royalty-free 
> license from RSA to use it, separate from whatever other license
> applies (i.e. the ASL). Period. Unless the ASF talks them into 
> changing their mind, that's the story. No ambiguity intended.
>
> Will it be royalty-free forever and ever? No idea. But whatever you're 
> reading into the statement they posted, I can clearly
> communicate that the above is exactly what we've been told in plain 
> English.
>
> If that's a deal-breaker for the board, then I'm simply suggesting 
> that that be made clear so that the principals can either drop
> the proposal or tell RSA that it's a problem. The latter has been done 
> informally, but obviously there's a stronger case to be made
> to them if we can say "change it or the standard isn't going to be 
> accepted".

My opinion is that the board will not accept such a proposal.  The board
might accept a conditional grant wherein the license to use is revoked
for a given user if and only if that user sues RSA for patent 
infringement.
Such grants are the commonly accepted form of a mutual-defense license.

....Roy (speaking with my ASF board member hat on)

RE: OpenSAML (was RE: Incubator DOA)

[Scott Cantor <ca...@osu.edu>]

> There is the one I don't believe.  By their statement it did not say 
> that developers using the software would have to obtain a seperate 
> license that they "INTEND" to be free, then on the next line it kind of 
> contradicted that.  IANAL but I see this as WAY more threatening than 
> LGPL section 6. .  So I would expect the board to treat this 
> as needing to be crystal clear.

Certainly, but I still don't know what you're reading into this. Let me try this one more time. The rule as it's currently going to
be defined will be:

Anybody downloading the code will have to obtain a royalty-free license from RSA to use it, separate from whatever other license
applies (i.e. the ASL). Period. Unless the ASF talks them into changing their mind, that's the story. No ambiguity intended.

Will it be royalty-free forever and ever? No idea. But whatever you're reading into the statement they posted, I can clearly
communicate that the above is exactly what we've been told in plain English.

If that's a deal-breaker for the board, then I'm simply suggesting that that be made clear so that the principals can either drop
the proposal or tell RSA that it's a problem. The latter has been done informally, but obviously there's a stronger case to be made
to them if we can say "change it or the standard isn't going to be accepted".

> No.  Accepting the project should be tied to the licensing issues 
> resolution.  Meaning a legal agreement stating clearly that 
> committers/developers/members have the right to use/develop the software 
> unhindered and that users can use the software under the same conditions 
> as goverened by the ASL license. 

Unlike RSA's intent, the above is not clear to me. I have no idea whether a requirement to fax RSA a signed document constitutes a
"hindrance". If what you mean is that there are no other terms in play other than the ASL, then this is asked and answered, I think.
Right now, the answer is no, the ASL is only the code license. Right to use a SAML library (as opposed to a product) requires direct
permission from RSA at no cost.

> I do not think my concerns are petty and irrelevant as you seem to.

I'd ask that you please don't put words in my mouth. Your concerns are unclear to me. If they were petty and irrelevant, I wouldn't
be wasting my precious time responding to them.

-- Scott

Re: OpenSAML (was RE: Incubator DOA)

["Andrew C. Oliver" <ac...@apache.org>]

>
>
>I certainly disagree that I didn't address the issue. Your issue was that you didn't believe the RSA license (that may never get
>released, the way things are going ;-) would be royalty-free, which simply disregards the history of the discussion with RSA that
>you weren't part of. It will be, whether you believe it or not. Debating that is a waste of our time, since neither of us controls
>the terms.
>  
>
I think we have a misunderstanding on what it was I'm taling about.

>*My* issue is that it still remains a license that developers would have to get, and there's no guarantee that the license will be
>royalty free forever, though I rather think it will. I agree, that's a concern, and it may be that Apache simply can't accept such
>any such terms. That's fine too.
>  
>
There is the one I don't believe.  By their statement it did not say 
that developers using the software would have to obtain a seperate 
license that they "INTEND" to be free, then on the next line it kind of 
contradicted that.  IANAL but I see this as WAY more threatening than 
LGPL section 6. .  So I would expect the board to treat this as needing 
to be crystal clear.

>I remain of the opinion that if the patent itself is the real issue, then you might as well vote now on that basis. If the terms of
>the license that they release sometime in the hopefully near future are the issue, then I think it's simply wise to defer the
>discussion until that time.
>  
>
No.  Accepting the project should be tied to the licensing issues 
resolution.  Meaning a legal agreement stating clearly that 
committers/developers/members have the right to use/develop the software 
unhindered and that users can use the software under the same conditions 
as goverened by the ASL license. 

>In any case, I haven't dropped it. If you want to vote it down, then do so, and we'll get on with life. Last I heard, the Apache
>representative who approached me had sent a note off to RSA expressing concern over the issue, and was awaiting a response.
>  
>
I do not think my concerns are petty and irrelevant as you seem to.

Thanks,

Andy

>Sorry to interrupt, please resume your flaming as necessary.
>
>-- Scott
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>For additional commands, e-mail: general-help@incubator.apache.org
>
>
>  
>