You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@incubator.apache.org by Davanum Srinivas <di...@yahoo.com> on 2003/02/17 16:23:54 UTC
OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of Web Services )
Incubator Folks,
We (PMC@WS) had a VOTE for accepting OpenSAML as part of Web Services project. Here are the
results.
+1 from 12 members. Zero -1 or -0 or +0 votes.
What should we do next. Please advise.
Thanks,
dims
--- Davanum Srinivas <di...@yahoo.com> wrote:
> Incubator folks,
> We are starting a VOTE in ws-pmc. Will let you know the results.
>
> Dear WS PMC Members,
> Here's our first VOTE...Accept OpenSAML as a Web Services project.
>
> Details:
> http://nagoya.apache.org/wiki/apachewiki.cgi?OpenSAMLProposal
>
> Previous Discussion(s):
> http://marc.theaimsgroup.com/?l=incubator-general&w=2&r=1&s=OpenSAML&q=b
>
> My vote: +1
>
> Thanks,
> dims
>
> =====
> Davanum Srinivas - http://webservices.apache.org/~dims/
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Shopping - Send Flowers for Valentine's Day
> http://shopping.yahoo.com
=====
Davanum Srinivas - http://webservices.apache.org/~dims/
__________________________________________________
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day
http://shopping.yahoo.com
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part
of Web Services )
Posted by "Andrew C. Oliver" <ac...@apache.org>.
>
> I think there was something (maybe on slashdot) recently about
> "letters of intent". The conclusion seemed to be that they are pretty
> much meaningless and unenforceable.
I think one also can keep this company's dubious history in mind.
-Andy
>
> Conor
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part
of Web Services )
Posted by Conor MacNeill <co...@cortexebusiness.com.au>.
Sam Ruby wrote:
> Andrew C. Oliver wrote:
>
>> Isn't that a no no?
>
>
> The board is discussing this.
>
> What scares the crap out of me is the weasel words. "intent to offer
> royalty free...".
>
> As a rule, lawyers are very careful in what they say and do not say. I
> can only presume that the word "intent" was carefully chosen.
>
I think there was something (maybe on slashdot) recently about "letters of
intent". The conclusion seemed to be that they are pretty much meaningless
and unenforceable.
Conor
RE: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of
Web Services )
Posted by Scott Cantor <ca...@osu.edu>.
> What scares the crap out of me is the weasel words. "intent to offer
> royalty free...".
>
> As a rule, lawyers are very careful in what they say and do
> not say. I can only presume that the word "intent" was carefully chosen.
We've assumed the word is there simply because they have not set the license in stone, but youneverknow.
It will surprise a great many companies if they decide not to offer it free. Rob P. has indicated the license terms are taking so
much time because it's free, and so the lawyers have better things to work on for the company.
But let's be frank. You either fight the patents, or you live with the terms you get, which can change at any time, or you negotiate
directly for better ones.
-- Scott
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part
of Web Services )
Posted by Sam Ruby <ru...@apache.org>.
Andrew C. Oliver wrote:
> Isn't that a no no?
The board is discussing this.
What scares the crap out of me is the weasel words. "intent to offer
royalty free...".
As a rule, lawyers are very careful in what they say and do not say. I
can only presume that the word "intent" was carefully chosen.
> Davanum Srinivas wrote:
>
>> Andrew,
>>
>> IANAL...But I think you are right.
>>
>> Thanks,
>> dims
>>
>> --- "Andrew C. Oliver" <ac...@apache.org> wrote:
>>
>>
>>> Clarify this for me. I might contribute to this OpenSAML, which I'm
>>> free to do as a member of Apache who would hence have license.
>>> However if I take this back to my company (outside of Apache) I must
>>> then seek another license which by intent (though not by agreement)
>>> would again be Royalty free?
>>> -Andy
>>>
>>> Scott Cantor wrote:
>>>
>>>
>>>
>>>>> Below is what seems the last mail on this subject on this list.
>>>>> Reading that, I tend to think that the incubator, at this point, is
>>>>> capable of taking a formal position on this matter, and we
>>>>> should probably ask the board.
>>>>>
>>>>>
>>>>
>>>> RSA posted a new statement on the SSTC web site and confirmed the
>>>> intent to offer royalty free
>>>>
>>>
>>> licenses to anyone building a
>>>
>>>
>>>> toolkit, and stating the builder's obligation to inform users that
>>>> they also must obtain a
>>>>
>>>
>>> license, so that's the situation.
>>>
>>>
>>>> The license itself is still not available, and I would be surprised
>>>> if it showed up all that
>>>>
>>>
>>> soon, frankly.
>>>
>>>
>>>> -- Scott
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>>>> For additional commands, e-mail: general-help@incubator.apache.org
>>>>
>>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>>> For additional commands, e-mail: general-help@incubator.apache.org
>>>
>>>
>>
>>
>>
>> =====
>> Davanum Srinivas - http://webservices.apache.org/~dims/
>>
>> __________________________________________________
>> Do you Yahoo!?
>> Yahoo! Shopping - Send Flowers for Valentine's Day
>> http://shopping.yahoo.com
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>
>>
>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part
of Web Services )
Posted by "Andrew C. Oliver" <ac...@apache.org>.
Davanum Srinivas wrote:
>Andrew,
>
>Since Web Services = Legal Mine field...Getting the license for Apache will ensure that Apache as
>a Legal Entity will be protected and that the coding can go on for now. There are 2 JSR's in the
>jcp and WS-Security spec in OASIS that will need this as well.
>
>Am not sure there anything else we can do in this situation. Am afraid this problem is going to
>crop up up more and more in the future.
>
>
I see a false dilemma here.
Sure there is. There is always something to do or not do. In the case
of LGPL which the board also believes to impose terms on those using the
software which prevent free implementation, the board has decided not
simply ban the use of said software. Personally, I expect the board to
hold to that standard even moreso here. If I understand these terms
correctly, this in effect would be an apache sponsored proprietary
software venture. In effect Apache would be writing software for RSA.
As for Sun's JCP... Its their spec, why don't they implement it.
-Andy
>Thanks,
>dims
>
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part
of Web Services )
Posted by "Andrew C. Oliver" <ac...@apache.org>.
>
>
>
>
>>That is a problem as well, however my problem is that it requires
>>endusers to acquire an additional license.
>>
>>
>
>Ok. As long as it's clear that it's not a royalty-based license, that's all I'm attempting to clarify.
>
>
they don't "intend" to make it royalty-based. Thats really weak.
>-- Scott
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>For additional commands, e-mail: general-help@incubator.apache.org
>
>
>
>
RE: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of
Web Services )
Posted by Scott Cantor <ca...@osu.edu>.
> Humm.. I'll read it again but thats not what I got out of it. It
> seemed to say that licenses will be available for the
> endusers and that we must inform them.
Yes. And that license is supposed to be royalty free. Thus, I have no idea how that leads to Apache being a development subsidiary
of RSA. RSA gets one thing out of it, aside from a lot of wasted paperwork...more people using SAML. So, the issue for me is solely
what they decide to do in the future.
> That is a problem as well, however my problem is that it requires
> endusers to acquire an additional license.
Ok. As long as it's clear that it's not a royalty-based license, that's all I'm attempting to clarify.
-- Scott
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part
of Web Services )
Posted by "Andrew C. Oliver" <ac...@apache.org>.
Scott Cantor wrote:
>>No it says that your enduser of the Apache SAML library may
>>have to pay RSA for a license (or rather it doesn't say that they won't).
>
>
> Uh, no it doesn't. It says quite explicitly (in the loose language of intent) that they do *not* plan to charge. Or if that's not
> clear, please at least take my word that that is what RSA has made clear to me and other SSTC members. No money. Just reciprocity
> *on SAML IPR*.
>
Humm.. I'll read it again but thats not what I got out of it. It
seemed to say that licenses will be available for the endusers and that
we must inform them.
> What it doesn't say is that they plan to promise never to change their mind about it. I think that's unfortunate.
>
yes.
>
>>Okay. I'm just noting that these terms look objectionable.
>
>
> Do they still look so? Again, is the issue *these terms* or the fact that they could change? I think the latter is the problem.
>
That is a problem as well, however my problem is that it requires
endusers to acquire an additional license.
>
>>I don't see a motivation for Apache to accept projects which
>>might/would require the enduser to pay a company royalties. This seems
>>contrary to the terms and spirit.
>
>
> Just curious...is there anything other than industry pressure (and total user backlash) that would stop Sun from doing so with Java?
>
This is besides the point. Java is not an Apache project. This is more
of a problem for the GCJ folks to consider.
-Andy
> -- Scott
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
RE: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of
Web Services )
Posted by Scott Cantor <ca...@osu.edu>.
> No it says that your enduser of the Apache SAML library may
> have to pay RSA for a license (or rather it doesn't say that they won't).
Uh, no it doesn't. It says quite explicitly (in the loose language of intent) that they do *not* plan to charge. Or if that's not
clear, please at least take my word that that is what RSA has made clear to me and other SSTC members. No money. Just reciprocity
*on SAML IPR*.
What it doesn't say is that they plan to promise never to change their mind about it. I think that's unfortunate.
> >Do these terms make Sun a subsidiary of RSA? They have a
> SAML product out now.
> >
> And they can pay RSA for licenses for users of it...
And they are not doing so.
> Okay. I'm just noting that these terms look objectionable.
Do they still look so? Again, is the issue *these terms* or the fact that they could change? I think the latter is the problem.
> I don't see a motivation for Apache to accept projects which
> might/would require the enduser to pay a company royalties. This seems
> contrary to the terms and spirit.
Just curious...is there anything other than industry pressure (and total user backlash) that would stop Sun from doing so with Java?
-- Scott
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part
of Web Services )
Posted by "Andrew C. Oliver" <ac...@apache.org>.
Scott Cantor wrote:
>>On my part this is -1 on these types of terms in general.
>>These terms basically make Apache a free development
>>subsidiary of RSA which is just not good.
>>
>>
>
>I'm not sure I follow this line of reasoning. The license language that they are supposedly writing does not connote any such thing.
>It says if you want their SAML patent rights for free, you give them your SAML patent rights. It doesn't promise code (which is
>hardly an issue for Apache which already lets them use the code), and it doesn't offer other IPR.
>
>
No it says that your enduser of the Apache SAML library may have to pay
RSA for a license (or rather it doesn't say that they won't).
>Do these terms make Sun a subsidiary of RSA? They have a SAML product out now.
>
>
And they can pay RSA for licenses for users of it...
>The danger is in the lockdown that occurs if they changed the license such that the terms were no longer acceptable, not in the
>initial terms.
>
>The terms aren't done, but this is a moot discussion until they are...I would not advise the PMC to even take a final vote until the
>terms are public.
>
>
Okay. I'm just noting that these terms look objectionable.
>
>
>>This is not specific to
>>OpenSAML. I look forward to a web services security standard which is
>>not tied to proprietary licensing.
>>
>>
>
>Then I fear Apache or someone else would need to create one, unfortunately. Neither OASIS nor the W3C appear to be headed in such a
>direction, and as others noted, it's impossible to know for certain that you will be free and clear anywhere unless you're prepared
>to fight patents in court.
>
>
The W3C is aiming very eagerly into irrelevance anyhow.
>
>
>>Is it possible to change the standard as not to infringe on
>>these patents?
>>
>>
>
>If somebody can actually figure out exactly what parts of SAML are covered, then a factoring of the code might be possible. I'm not
>particularly inclined to such a direction myself, and I haven't the faintest idea how to read patents, in most cases.
>
>I don't see the standard itself addressing this, no.
>
>
I don't see a motivation for Apache to accept projects which might/would
require the enduser to pay a company royalties. This seems contrary to
the terms and spirit.
-Andy
>-- Scott
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>For additional commands, e-mail: general-help@incubator.apache.org
>
>
>
>
RE: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of
Web Services )
Posted by Scott Cantor <ca...@osu.edu>.
> On my part this is -1 on these types of terms in general.
> These terms basically make Apache a free development
> subsidiary of RSA which is just not good.
I'm not sure I follow this line of reasoning. The license language that they are supposedly writing does not connote any such thing.
It says if you want their SAML patent rights for free, you give them your SAML patent rights. It doesn't promise code (which is
hardly an issue for Apache which already lets them use the code), and it doesn't offer other IPR.
Do these terms make Sun a subsidiary of RSA? They have a SAML product out now.
The danger is in the lockdown that occurs if they changed the license such that the terms were no longer acceptable, not in the
initial terms.
The terms aren't done, but this is a moot discussion until they are...I would not advise the PMC to even take a final vote until the
terms are public.
> This is not specific to
> OpenSAML. I look forward to a web services security standard which is
> not tied to proprietary licensing.
Then I fear Apache or someone else would need to create one, unfortunately. Neither OASIS nor the W3C appear to be headed in such a
direction, and as others noted, it's impossible to know for certain that you will be free and clear anywhere unless you're prepared
to fight patents in court.
> Is it possible to change the standard as not to infringe on
> these patents?
If somebody can actually figure out exactly what parts of SAML are covered, then a factoring of the code might be possible. I'm not
particularly inclined to such a direction myself, and I haven't the faintest idea how to read patents, in most cases.
I don't see the standard itself addressing this, no.
-- Scott
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of Web Services )
Posted by Ben Hyde <bh...@pobox.com>.
Andrew C. Oliver wrote:
> Is it possible to change the standard as not to infringe on these
> patents?
It is unlikely that that there are any authentication framework designs
that don't touch on a number of strong patents. RSA is only one
obvious example. This is a bloody business - there is zero benefit for
an IP right holder to reveal his hand prior to wide adoption. Better
to let all the little fishes swallow the hook before you drag them in.
Why do we know about the RSA one? Because they participated in a
standards body where the rules required them to fess-up or relinquish.
There are yet more examples of this kind of thing in the footnotes of
the Liberty Phase I spec, which has a different set of players involved
in writing the standard.
It is impractical for the foundation to warranty that our code has zero
patent entanglements.
It should be something we aspire to. Of course.
In the space between impractical and aspire is real work, damn it.
A policy that we strive to avoid inappropriate patent entanglements
would be good. Even if it is stating the obvious.
A standard procedure for clearly passing patent claims thru, without
comment, from IPR claimants and our users might be helpful.
But that's only nibbles away at the edges of the messy between aspire
and practical.
This is the horrible messy world the licensing subcommittee of the
board has spent the last few years working very hard on. I see signs
that is coming to closure. It is their job, but I've regularly heard
them and the board say that no policy will be compiled into the
foundation's DNA until the members get to do a review of what they come
up with.
Is the RSA patent an example of an inappropriate patent entanglement?
My sense is that in-spite of RSA's history that their goals in this
situation are very close to ours and that with enough hard work this
particular problem can be resolved. It is certainly not clear who is
going to do that hard work.
Should OpenSAML wait for the "is this inappropriate?" question to get
resolved. Damn'd if I know. I think the incubator PMC should decide
that, or seek advise.
- ben
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part
of Web Services )
Posted by "Andrew C. Oliver" <ac...@apache.org>.
On my part this is -1 on these types of terms in general. These terms
basically make Apache a free development
subsidiary of RSA which is just not good. This is not specific to
OpenSAML. I look forward to a web services
security standard which is not tied to proprietary licensing.
Is it possible to change the standard as not to infringe on these patents?
-Andy
Davanum Srinivas wrote:
>Andrew, Sam,
>
>Is this a -1 for OpenSAML? Please clarify.
>
>Thanks,
>dims
>
>--- "Andrew C. Oliver" <ac...@apache.org> wrote:
>
>
>>+1 - very well said.
>>
>>
>>
>>>Please don't overgeneralize.
>>>
>>>I don't believe that SOAP or WSDL or JAX RPC are legal mine fields.
>>>Every few months or so, however, a conspiracy theory shows up on
>>>Slashdot or the Register or ScriptingNews that IBM or Microsoft or RSA
>>>or whoever is undermining web services with patents.
>>>
>>>I very much want Apache to be a safe haven from this. To put this
>>>another way, I want people to be able to come to Apache without
>>>concern for putting their own Intellectual Property at risk.
>>>
>>>Once we muddy the waters, people will feel that they will have to
>>>scrutinize everything from Apache more carefully as they can't trust
>>>us to police ourselves.
>>>
>>>What can we do? We can say yes to projects which aren't encumbered by
>>>such restrictions and no to projects which are. Hopefully, this will
>>>get some to change, and perhaps in other cases we will find safer
>>>alternatives.
>>>
>>>- Sam Ruby
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>>>For additional commands, e-mail: general-help@incubator.apache.org
>>>
>>>
>>>
>>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>>For additional commands, e-mail: general-help@incubator.apache.org
>>
>>
>>
>
>
>=====
>Davanum Srinivas - http://webservices.apache.org/~dims/
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! Tax Center - forms, calculators, tips, more
>http://taxes.yahoo.com/
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>For additional commands, e-mail: general-help@incubator.apache.org
>
>
>
>
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of Web Services )
Posted by Davanum Srinivas <di...@yahoo.com>.
Andrew, Sam,
Is this a -1 for OpenSAML? Please clarify.
Thanks,
dims
--- "Andrew C. Oliver" <ac...@apache.org> wrote:
> +1 - very well said.
>
> > Please don't overgeneralize.
> >
> > I don't believe that SOAP or WSDL or JAX RPC are legal mine fields.
> > Every few months or so, however, a conspiracy theory shows up on
> > Slashdot or the Register or ScriptingNews that IBM or Microsoft or RSA
> > or whoever is undermining web services with patents.
> >
> > I very much want Apache to be a safe haven from this. To put this
> > another way, I want people to be able to come to Apache without
> > concern for putting their own Intellectual Property at risk.
> >
> > Once we muddy the waters, people will feel that they will have to
> > scrutinize everything from Apache more carefully as they can't trust
> > us to police ourselves.
> >
> > What can we do? We can say yes to projects which aren't encumbered by
> > such restrictions and no to projects which are. Hopefully, this will
> > get some to change, and perhaps in other cases we will find safer
> > alternatives.
> >
> > - Sam Ruby
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> > For additional commands, e-mail: general-help@incubator.apache.org
> >
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
=====
Davanum Srinivas - http://webservices.apache.org/~dims/
__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part
of Web Services )
Posted by "Andrew C. Oliver" <ac...@apache.org>.
+1 - very well said.
> Please don't overgeneralize.
>
> I don't believe that SOAP or WSDL or JAX RPC are legal mine fields.
> Every few months or so, however, a conspiracy theory shows up on
> Slashdot or the Register or ScriptingNews that IBM or Microsoft or RSA
> or whoever is undermining web services with patents.
>
> I very much want Apache to be a safe haven from this. To put this
> another way, I want people to be able to come to Apache without
> concern for putting their own Intellectual Property at risk.
>
> Once we muddy the waters, people will feel that they will have to
> scrutinize everything from Apache more carefully as they can't trust
> us to police ourselves.
>
> What can we do? We can say yes to projects which aren't encumbered by
> such restrictions and no to projects which are. Hopefully, this will
> get some to change, and perhaps in other cases we will find safer
> alternatives.
>
> - Sam Ruby
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of Web Services )
Posted by Davanum Srinivas <di...@yahoo.com>.
Sam,
Ok. What should we do about OpenSAML? Since we are facing a problem here.
Thanks,
dims
--- Sam Ruby <ru...@apache.org> wrote:
> Davanum Srinivas wrote:
> > Andrew,
> >
> > Since Web Services = Legal Mine field...Getting the license for Apache will ensure that Apache
> as
> > a Legal Entity will be protected and that the coding can go on for now. There are 2 JSR's in
> the
> > jcp and WS-Security spec in OASIS that will need this as well.
> >
> > Am not sure there anything else we can do in this situation. Am afraid this problem is going
> to
> > crop up up more and more in the future.
>
> Please don't overgeneralize.
>
> I don't believe that SOAP or WSDL or JAX RPC are legal mine fields.
> Every few months or so, however, a conspiracy theory shows up on
> Slashdot or the Register or ScriptingNews that IBM or Microsoft or RSA
> or whoever is undermining web services with patents.
>
> I very much want Apache to be a safe haven from this. To put this
> another way, I want people to be able to come to Apache without concern
> for putting their own Intellectual Property at risk.
>
> Once we muddy the waters, people will feel that they will have to
> scrutinize everything from Apache more carefully as they can't trust us
> to police ourselves.
>
> What can we do? We can say yes to projects which aren't encumbered by
> such restrictions and no to projects which are. Hopefully, this will
> get some to change, and perhaps in other cases we will find safer
> alternatives.
>
> - Sam Ruby
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
=====
Davanum Srinivas - http://webservices.apache.org/~dims/
__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part
of Web Services )
Posted by Sam Ruby <ru...@apache.org>.
Davanum Srinivas wrote:
> Andrew,
>
> Since Web Services = Legal Mine field...Getting the license for Apache will ensure that Apache as
> a Legal Entity will be protected and that the coding can go on for now. There are 2 JSR's in the
> jcp and WS-Security spec in OASIS that will need this as well.
>
> Am not sure there anything else we can do in this situation. Am afraid this problem is going to
> crop up up more and more in the future.
Please don't overgeneralize.
I don't believe that SOAP or WSDL or JAX RPC are legal mine fields.
Every few months or so, however, a conspiracy theory shows up on
Slashdot or the Register or ScriptingNews that IBM or Microsoft or RSA
or whoever is undermining web services with patents.
I very much want Apache to be a safe haven from this. To put this
another way, I want people to be able to come to Apache without concern
for putting their own Intellectual Property at risk.
Once we muddy the waters, people will feel that they will have to
scrutinize everything from Apache more carefully as they can't trust us
to police ourselves.
What can we do? We can say yes to projects which aren't encumbered by
such restrictions and no to projects which are. Hopefully, this will
get some to change, and perhaps in other cases we will find safer
alternatives.
- Sam Ruby
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of Web Services )
Posted by Davanum Srinivas <di...@yahoo.com>.
Andrew,
Since Web Services = Legal Mine field...Getting the license for Apache will ensure that Apache as
a Legal Entity will be protected and that the coding can go on for now. There are 2 JSR's in the
jcp and WS-Security spec in OASIS that will need this as well.
Am not sure there anything else we can do in this situation. Am afraid this problem is going to
crop up up more and more in the future.
Thanks,
dims
--- "Andrew C. Oliver" <ac...@apache.org> wrote:
> Isn't that a no no?
>
> Davanum Srinivas wrote:
>
> >Andrew,
> >
> >IANAL...But I think you are right.
> >
> >Thanks,
> >dims
> >
> >--- "Andrew C. Oliver" <ac...@apache.org> wrote:
> >
> >
> >>Clarify this for me. I might contribute to this OpenSAML, which I'm
> >>free to do as a member of Apache who would hence have license. However
> >>if I take this back to my company (outside of Apache) I must then seek
> >>another license which by intent (though not by agreement) would again be
> >>Royalty free?
> >>
> >>-Andy
> >>
> >>Scott Cantor wrote:
> >>
> >>
> >>
> >>>>Below is what seems the last mail on this subject on this
> >>>>list. Reading that, I tend to think that the incubator, at
> >>>>this point, is capable of taking a formal position on this matter, and we
> >>>>should probably ask the board.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>RSA posted a new statement on the SSTC web site and confirmed the intent to offer royalty
> free
> >>>
> >>>
> >>licenses to anyone building a
> >>
> >>
> >>>toolkit, and stating the builder's obligation to inform users that they also must obtain a
> >>>
> >>>
> >>license, so that's the situation.
> >>
> >>
> >>>The license itself is still not available, and I would be surprised if it showed up all that
> >>>
> >>>
> >>soon, frankly.
> >>
> >>
> >>>-- Scott
> >>>
> >>>
> >>>
> >>>------------------------------------------------------------------------
> >>>
> >>>---------------------------------------------------------------------
> >>>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> >>>For additional commands, e-mail: general-help@incubator.apache.org
> >>>
> >>>
> >>>
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> >>For additional commands, e-mail: general-help@incubator.apache.org
> >>
> >>
> >>
> >
> >
> >=====
> >Davanum Srinivas - http://webservices.apache.org/~dims/
> >
> >__________________________________________________
> >Do you Yahoo!?
> >Yahoo! Shopping - Send Flowers for Valentine's Day
> >http://shopping.yahoo.com
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> >For additional commands, e-mail: general-help@incubator.apache.org
> >
> >
> >
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
=====
Davanum Srinivas - http://webservices.apache.org/~dims/
__________________________________________________
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day
http://shopping.yahoo.com
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part
of Web Services )
Posted by "Andrew C. Oliver" <ac...@apache.org>.
Isn't that a no no?
Davanum Srinivas wrote:
>Andrew,
>
>IANAL...But I think you are right.
>
>Thanks,
>dims
>
>--- "Andrew C. Oliver" <ac...@apache.org> wrote:
>
>
>>Clarify this for me. I might contribute to this OpenSAML, which I'm
>>free to do as a member of Apache who would hence have license. However
>>if I take this back to my company (outside of Apache) I must then seek
>>another license which by intent (though not by agreement) would again be
>>Royalty free?
>>
>>-Andy
>>
>>Scott Cantor wrote:
>>
>>
>>
>>>>Below is what seems the last mail on this subject on this
>>>>list. Reading that, I tend to think that the incubator, at
>>>>this point, is capable of taking a formal position on this matter, and we
>>>>should probably ask the board.
>>>>
>>>>
>>>>
>>>>
>>>RSA posted a new statement on the SSTC web site and confirmed the intent to offer royalty free
>>>
>>>
>>licenses to anyone building a
>>
>>
>>>toolkit, and stating the builder's obligation to inform users that they also must obtain a
>>>
>>>
>>license, so that's the situation.
>>
>>
>>>The license itself is still not available, and I would be surprised if it showed up all that
>>>
>>>
>>soon, frankly.
>>
>>
>>>-- Scott
>>>
>>>
>>>
>>>------------------------------------------------------------------------
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>>>For additional commands, e-mail: general-help@incubator.apache.org
>>>
>>>
>>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>>For additional commands, e-mail: general-help@incubator.apache.org
>>
>>
>>
>
>
>=====
>Davanum Srinivas - http://webservices.apache.org/~dims/
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! Shopping - Send Flowers for Valentine's Day
>http://shopping.yahoo.com
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>For additional commands, e-mail: general-help@incubator.apache.org
>
>
>
>
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of Web Services )
Posted by Davanum Srinivas <di...@yahoo.com>.
Andrew,
IANAL...But I think you are right.
Thanks,
dims
--- "Andrew C. Oliver" <ac...@apache.org> wrote:
> Clarify this for me. I might contribute to this OpenSAML, which I'm
> free to do as a member of Apache who would hence have license. However
> if I take this back to my company (outside of Apache) I must then seek
> another license which by intent (though not by agreement) would again be
> Royalty free?
>
> -Andy
>
> Scott Cantor wrote:
>
> >>Below is what seems the last mail on this subject on this
> >>list. Reading that, I tend to think that the incubator, at
> >>this point, is capable of taking a formal position on this matter, and we
> >>should probably ask the board.
> >>
> >>
> >
> >RSA posted a new statement on the SSTC web site and confirmed the intent to offer royalty free
> licenses to anyone building a
> >toolkit, and stating the builder's obligation to inform users that they also must obtain a
> license, so that's the situation.
> >
> >The license itself is still not available, and I would be surprised if it showed up all that
> soon, frankly.
> >
> >-- Scott
> >
> >
> >
> >------------------------------------------------------------------------
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> >For additional commands, e-mail: general-help@incubator.apache.org
> >
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
=====
Davanum Srinivas - http://webservices.apache.org/~dims/
__________________________________________________
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day
http://shopping.yahoo.com
RE: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of
Web Services )
Posted by Scott Cantor <ca...@osu.edu>.
> Clarify this for me. I might contribute to this OpenSAML, which I'm
> free to do as a member of Apache who would hence have license. However
> if I take this back to my company (outside of Apache) I must then seek
> another license which by intent (though not by agreement) would again be
> Royalty free?
That's my interpretation of it. I as the original author can't even use my own code unless I can get OSU to sign the RSA license. I
rather expect that will be difficult, because my university doesn't like promising to cross-license like that.
OTOH, I could sign it myself and use it for personal purposes.
-- Scott
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part
of Web Services )
Posted by "Andrew C. Oliver" <ac...@apache.org>.
Clarify this for me. I might contribute to this OpenSAML, which I'm
free to do as a member of Apache who would hence have license. However
if I take this back to my company (outside of Apache) I must then seek
another license which by intent (though not by agreement) would again be
Royalty free?
-Andy
Scott Cantor wrote:
>>Below is what seems the last mail on this subject on this
>>list. Reading that, I tend to think that the incubator, at
>>this point, is capable of taking a formal position on this matter, and we
>>should probably ask the board.
>>
>>
>
>RSA posted a new statement on the SSTC web site and confirmed the intent to offer royalty free licenses to anyone building a
>toolkit, and stating the builder's obligation to inform users that they also must obtain a license, so that's the situation.
>
>The license itself is still not available, and I would be surprised if it showed up all that soon, frankly.
>
>-- Scott
>
>
>
>------------------------------------------------------------------------
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>For additional commands, e-mail: general-help@incubator.apache.org
>
RE: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of
Web Services )
Posted by Scott Cantor <ca...@osu.edu>.
> Below is what seems the last mail on this subject on this
> list. Reading that, I tend to think that the incubator, at
> this point, is capable of taking a formal position on this matter, and we
> should probably ask the board.
RSA posted a new statement on the SSTC web site and confirmed the intent to offer royalty free licenses to anyone building a
toolkit, and stating the builder's obligation to inform users that they also must obtain a license, so that's the situation.
The license itself is still not available, and I would be surprised if it showed up all that soon, frankly.
-- Scott
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of Web Services )
Posted by Davanum Srinivas <di...@yahoo.com>.
Nicola, Folks,
Here's the latest from RSA -
http://lists.oasis-open.org/archives/security-services/200302/msg00036.html
Thanks,
dims
--- Nicola Ken Barozzi <ni...@apache.org> wrote:
>
>
> Davanum Srinivas wrote, On 17/02/2003 16.23:
> > Incubator Folks,
> >
> > We (PMC@WS) had a VOTE for accepting OpenSAML as part of Web Services project. Here are the
> > results.
> >
> > +1 from 12 members. Zero -1 or -0 or +0 votes.
>
> Excellent.
>
> > What should we do next. Please advise.
>
> The only thing that I'd want to nail down is the license issue.
>
> Below is what seems the last mail on this subject on this list.
> Reading that, I tend to think that the incubator, at this point, is
> capable of taking a formal position on this matter, and we should
> probably ask the board.
>
> What do other incubator PMCers think of it?
>
>
> -------- Original Message --------
> Subject: RE: Revised OpenSAML proposal
> Date: Thu, 30 Jan 2003 16:23:33 -0500
> From: Scott Cantor <ca...@osu.edu>
> Reply-To: general@incubator.apache.org
> Organization: The Ohio State University
> To: general@incubator.apache.org
>
> > > "A" license? What does this mean, that Apache has a license but all
> > > users of it need to ask for one too? %-|
> >
> > i think you'd need to ask an IPR lawyer this.
>
> The RSA position up to this point is that vendors of toolkits not only
> need to get a license, but also notify their customers that
> they must acquire one. So Apache gets one to distribute this code, and
> then provides the notice to users.
>
> The *rumor* is that they may be changing their mind about this special
> toolkit case, but that's not anything more than rumor.
>
> The fundamental issue is that there is *no* license to get yet. It
> doesn't exist, the process doesn't exist, etc. We've been
> distributing code, Sun has shipping products, RSA and Phaos and others
> have toolkits, etc.
>
> So there just isn't much ground to stand on yet.
>
> > maybe someone at the ASF needs to approach RSA officially and
> > find out what their position is.
>
> Many others are already doing this within the SSTC, and we will
> communicate that we're getting even more anxious on the call next
> week.
>
> -- Scott
>
> --
> Nicola Ken Barozzi nicolaken@apache.org
> - verba volant, scripta manent -
> (discussions get forgotten, just code remains)
> ---------------------------------------------------------------------
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
=====
Davanum Srinivas - http://webservices.apache.org/~dims/
__________________________________________________
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day
http://shopping.yahoo.com
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part of Web Services )
Posted by Davanum Srinivas <di...@yahoo.com>.
Nicola, Folks,
Here's the latest from RSA -
http://lists.oasis-open.org/archives/security-services/200302/msg00036.html
Thanks,
dims
--- Nicola Ken Barozzi <ni...@apache.org> wrote:
>
>
> Davanum Srinivas wrote, On 17/02/2003 16.23:
> > Incubator Folks,
> >
> > We (PMC@WS) had a VOTE for accepting OpenSAML as part of Web Services project. Here are the
> > results.
> >
> > +1 from 12 members. Zero -1 or -0 or +0 votes.
>
> Excellent.
>
> > What should we do next. Please advise.
>
> The only thing that I'd want to nail down is the license issue.
>
> Below is what seems the last mail on this subject on this list.
> Reading that, I tend to think that the incubator, at this point, is
> capable of taking a formal position on this matter, and we should
> probably ask the board.
>
> What do other incubator PMCers think of it?
>
>
> -------- Original Message --------
> Subject: RE: Revised OpenSAML proposal
> Date: Thu, 30 Jan 2003 16:23:33 -0500
> From: Scott Cantor <ca...@osu.edu>
> Reply-To: general@incubator.apache.org
> Organization: The Ohio State University
> To: general@incubator.apache.org
>
> > > "A" license? What does this mean, that Apache has a license but all
> > > users of it need to ask for one too? %-|
> >
> > i think you'd need to ask an IPR lawyer this.
>
> The RSA position up to this point is that vendors of toolkits not only
> need to get a license, but also notify their customers that
> they must acquire one. So Apache gets one to distribute this code, and
> then provides the notice to users.
>
> The *rumor* is that they may be changing their mind about this special
> toolkit case, but that's not anything more than rumor.
>
> The fundamental issue is that there is *no* license to get yet. It
> doesn't exist, the process doesn't exist, etc. We've been
> distributing code, Sun has shipping products, RSA and Phaos and others
> have toolkits, etc.
>
> So there just isn't much ground to stand on yet.
>
> > maybe someone at the ASF needs to approach RSA officially and
> > find out what their position is.
>
> Many others are already doing this within the SSTC, and we will
> communicate that we're getting even more anxious on the call next
> week.
>
> -- Scott
>
> --
> Nicola Ken Barozzi nicolaken@apache.org
> - verba volant, scripta manent -
> (discussions get forgotten, just code remains)
> ---------------------------------------------------------------------
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
=====
Davanum Srinivas - http://webservices.apache.org/~dims/
__________________________________________________
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day
http://shopping.yahoo.com
Re: OpenSAML VOTE Results (was Re: [VOTE] Accept OpenSAML as part
of Web Services )
Posted by Nicola Ken Barozzi <ni...@apache.org>.
Davanum Srinivas wrote, On 17/02/2003 16.23:
> Incubator Folks,
>
> We (PMC@WS) had a VOTE for accepting OpenSAML as part of Web Services project. Here are the
> results.
>
> +1 from 12 members. Zero -1 or -0 or +0 votes.
Excellent.
> What should we do next. Please advise.
The only thing that I'd want to nail down is the license issue.
Below is what seems the last mail on this subject on this list.
Reading that, I tend to think that the incubator, at this point, is
capable of taking a formal position on this matter, and we should
probably ask the board.
What do other incubator PMCers think of it?
-------- Original Message --------
Subject: RE: Revised OpenSAML proposal
Date: Thu, 30 Jan 2003 16:23:33 -0500
From: Scott Cantor <ca...@osu.edu>
Reply-To: general@incubator.apache.org
Organization: The Ohio State University
To: general@incubator.apache.org
> > "A" license? What does this mean, that Apache has a license but all
> > users of it need to ask for one too? %-|
>
> i think you'd need to ask an IPR lawyer this.
The RSA position up to this point is that vendors of toolkits not only
need to get a license, but also notify their customers that
they must acquire one. So Apache gets one to distribute this code, and
then provides the notice to users.
The *rumor* is that they may be changing their mind about this special
toolkit case, but that's not anything more than rumor.
The fundamental issue is that there is *no* license to get yet. It
doesn't exist, the process doesn't exist, etc. We've been
distributing code, Sun has shipping products, RSA and Phaos and others
have toolkits, etc.
So there just isn't much ground to stand on yet.
> maybe someone at the ASF needs to approach RSA officially and
> find out what their position is.
Many others are already doing this within the SSTC, and we will
communicate that we're getting even more anxious on the call next
week.
-- Scott
--
Nicola Ken Barozzi nicolaken@apache.org
- verba volant, scripta manent -
(discussions get forgotten, just code remains)
---------------------------------------------------------------------