Re: IAB/IETF standardization process

[John Linn <linn@security.ov.com>]

As keeper of RFC-1508 (Generic Security Service API), I've received
queries from development organizations and from other
standards/consortium bodies wanting to implement and/or adopt the
RFC's content.  These queries share a common thread: concern about
understanding the copyright status of RFCs in order to do the Good and
Proper Thing in integrating their content into documentation.  It's
possible that the copyright issue may be less visible for RFCs
specifying protocols than for those specifying interfaces (where parts
of an interface's specification are clearly just the right thing to
use to document the interface), but I expect it must arise frequently
for a range of RFCs. As such, I see the idea of addressing
intellectual property issues, as draft-iab-standards-processv2-02.txt
seeks to do, as important; I have concerns about some of the
specifics.

>   5.4.  Rights and Permissions
>
>      In the course of standards work, ISOC receives contributions
>      in various forms and from many persons.  To facilitate the
>      wide dissemination of these contributions, it is necessary to
>      establish specific understandings concerning any copyrights,
>      patents, patent applications, or other rights in the
>      contribution.  The procedures set forth in this section apply
>      to contributions submitted after <date of this RFC>.  For
>      Internet standards documents published before this date (the
>      RFC series has been published continuously since April 1969),
>      information on rights and permissions must be sought directly
>      from persons claiming rights therein.

Presumably, advancement of an existing document on the standards track
should also make it clearly subject to the newly clarified conditions.
Could we go further and declare that, as of a certain date, all
documents which are on the standards track and which have not been
rescinded by their authors will be treated uniformly?  Alternately, or
in addition, would the ISOC be willing to accept (and maintain for
general availability) a record of declarations and claims re rights
and permissions concerning already-issued specifications?

>      5.4.1.  All Contributions
>
>         By submission of a contribution to ISOC, and in
>         consideration of possible dissemination of the contribution
>         to the Internet community, a contributor is deemed to agree
>         to the following terms and conditions:
>
>         l. Contributor agrees to grant, and does grant to
>            ISOC, a perpetual, non-exclusive, royalty-free,
>            world-wide right and license under any copyrights in
>            the contribution to reproduce, distribute, perform or
>            display publicly and prepare derivative works that are
>            based on or incorporate all or part of the contribution,
>            and to reproduce, distribute and perform or display
>            publicly any such derivative works, in any form and in
>            all languages, and to authorize others to do so.

Sounds good to me, given the later-specified copyright notice which
explicitly grants reproduction rights without needing to contact
ISOC for authorization, so long as the source is credited. 

>         4. Where the contribution was prepared jointly with others,
>            or is a work for hire, the contributor represents and
>            warrants that the other owner(s) of rights have been
>            informed of the rights and permissions granted to ISOC
>            and that any required authorizations have been obtained.
>            Copies of any such required authorizations will be
>            furnished to ISOC, upon request.

What if we reiterate the terms within IETF registration material
and/or proceedings, and in "welcome to the mailing list" messages
for IETF and WGs?  Would this ease the notification burden?

>         In the case of IETF Working Groups, the responsibility for
>         identifying the principal contributor(s) for purposes of
>         obtaining written confirmation of the above rights and
>         permissions will be assumed by the Editor or Chair of the
>         particular Group.  While only those persons named as
>         principal contributor(s) will generally be requested to
>         provide written confirmation, it is the responsibility of
>         all contributors to standards work to inform the IETF
>         Secretariat of any proprietary claims in any contributions
>         and to furnish the Secretariat with any required
>         confirmation.

Now, things start to get tricky.  For an organization like the IETF,
where membership is fluid and participation via E-mail has explicit
standing, I'm concerned that this could grind our standards process to
a halt.  In this environment, it's hard enough to identify all the
individuals who've contributed input influencing a document, even
harder to locate and contact all of them, and perhaps impossible to
guarantee that each such individual (perhaps aided by their corporate
legal department) responds positively.  What are the guidelines for
identifying what level of participation constitutes principal-level
involvement, and what's the risk if someone else later claims that
they should have been consulted for confirmation?

--jl