Re: [OAUTH-WG] Dynamic Client Registration: IPR Confirmation
Maciej Machulak <maciej.machulak@gmail.com> Wed, 16 July 2014 14:12 UTC
Return-Path: <maciej.machulak@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87BE21B287B for <oauth@ietfa.amsl.com>; Wed, 16 Jul 2014 07:12:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uBYNNMO5eh-s for <oauth@ietfa.amsl.com>; Wed, 16 Jul 2014 07:12:36 -0700 (PDT)
Received: from mail-we0-x230.google.com (mail-we0-x230.google.com [IPv6:2a00:1450:400c:c03::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3BEDE1B28AB for <oauth@ietf.org>; Wed, 16 Jul 2014 07:12:34 -0700 (PDT)
Received: by mail-we0-f176.google.com with SMTP id q58so1003949wes.35 for <oauth@ietf.org>; Wed, 16 Jul 2014 07:12:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=M+tXDDCOQKu2irEteyV1XrQJS+sFMdm17Rz0HQyjgpU=; b=vaJrjzkCn5k4v5+uVaTC3PL0gSnmfhCu/osGW58Ar+cCzo29X6y2mlbyW+uJDLIKVz zxhBSirZQVa6TYh+NfhiHm6BbxtUd1yA7QCcLCjAZid6FG4KeawODa9YkCjhgqo7qKlQ CS8O66uTnoPqGtvgB6gQCJJBydB0+ii/Wz4jGaSA7UqW/vsPMM5LEPpS8r4LzRKQVpkv kMZdmRo5rsyiIoizW0vYIvcvvg8xfsiUJVJnNvLITLyQ98sTA+zYUSa0pfFWmea9J6iY AtdhQaQws/CD7haGdn5m77Rf9ZaOYipIizKJ4IPgQsBK6bACP6wdWqAB9uirbbRwJx0U DZgw==
MIME-Version: 1.0
X-Received: by 10.194.122.73 with SMTP id lq9mr3852413wjb.133.1405519952059; Wed, 16 Jul 2014 07:12:32 -0700 (PDT)
Received: by 10.194.18.198 with HTTP; Wed, 16 Jul 2014 07:12:31 -0700 (PDT)
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439ADCB58E@TK5EX14MBXC294.redmond.corp.microsoft.com>
References: <53BBDBEE.703@gmx.net> <BE6275F6-27D0-4A7A-ABA2-18B571BFDF18@oracle.com> <4E1F6AAD24975D4BA5B16804296739439ADA02B7@TK5EX14MBXC294.redmond.corp.microsoft.com> <4E1F6AAD24975D4BA5B16804296739439ADA1766@TK5EX14MBXC294.redmond.corp.microsoft.com> <4E1F6AAD24975D4BA5B16804296739439ADAB98C@TK5EX14MBXC294.redmond.corp.microsoft.com> <53C65120.4020302@gmx.net> <53C664DC.50907@mit.edu> <53C665B0.7040708@gmx.net> <53C66797.1040509@mit.edu> <4E1F6AAD24975D4BA5B16804296739439ADCB3B3@TK5EX14MBXC294.redmond.corp.microsoft.com> <53C675F1.9080102@mit.edu> <4E1F6AAD24975D4BA5B16804296739439ADCB58E@TK5EX14MBXC294.redmond.corp.microsoft.com>
Date: Wed, 16 Jul 2014 16:12:31 +0200
Message-ID: <CA+c2x_VyUbeKWZNA3qZBABD96MoyvP7wuSN+z_RQ8cvMRWJx8w@mail.gmail.com>
From: Maciej Machulak <maciej.machulak@gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary="089e012284f877a50704fe501dc4"
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/O5fjtXdpp97oGeNxxJLDrOpsxMw
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Dynamic Client Registration: IPR Confirmation
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Jul 2014 14:12:40 -0000
Mike, See comments below: On 16 July 2014 15:54, Mike Jones <Michael.Jones@microsoft.com> wrote: > OK - looking back at the parameter name change example, I agree that this > was first discussed in the OAuth WG and was adopted by both specs at about > the same time, so I agree that that's an example of information flowing in > the other direction. (I doubt that anyone will assert IPR about a > parameter name change, so I suspect that instance was innocuous.) When > some of the same people were in two working groups doing highly related > things, I suppose some of that was bound to happen, despite the best of > intentions. However, it's still my assertion that the core inventions in > Connect Registration were independently developed, syntax tweaks made later > for compatibility reasons aside. > > Be that as it may, and having thought about it some more, I'm not going to > stand in the way of acknowledging UMA in the OAuth Registration spec if > people believe that that's the right thing to do. People who know me know > that I'm all in favor of giving credit where credit is due. I'd thought > that all the UMA content had been replaced, but if I'm wrong about that, so > be it. > That is fine - if the content has been removed then just don't give the credit - I'm fine both ways. > > What would be the right reference for the UMA registration specification > in the acknowledgement? > This is the latest doc that was ever produced, as far as I am aware of: http://tools.ietf.org/html/draft-oauth-dyn-reg-v1-03 Kind regards, Maciej > > -- Mike > > -----Original Message----- > From: Justin Richer [mailto:jricher@MIT.EDU] > Sent: Wednesday, July 16, 2014 5:54 AM > To: Mike Jones; Hannes Tschofenig; oauth@ietf.org > Subject: Re: [OAUTH-WG] Dynamic Client Registration: IPR Confirmation > > It's quite true that the OIDC draft predates -00 of the IETF draft, and > I'm sorry if that was unclear from what I said as I was not intending to > misrepresent the history. And it's true that the UMA draft predates both of > these by a fair whack and at the very least provided inspiration in how to > accomplish this task, and in fact draft -00 was a straight copy of UMA. As > Mike mentions below, draft -01 (when I took over the editor > role) incorporates a lot of text from the OIDF draft alongside the UMA > text, which is why that document has eight authors on it. > > However it's not true that information didn't flow both ways, or that > everything from UMA was eventually expunged. It's fairly clear if you look > at the document history that there was a lot of back and forth. The JSON > formatting in the IETF draft, for example, exists in -00 and came from UMA, > was switched to form encoding from in -01 (from OIDC), and with lots of > discussion here in the WG (both before and after the > change) was switched back to JSON in -05. At that time, there was a > discussion in the OIDF working group of whether to adopt the JSON > formatting as well in order to maintain compatibility, and OIDF decided to > do so. There were other instances where parameter names and other ideas > began in the IETF and moved to OIDF's spec, like changing "issued_at" to > the more clear "client_id_issued_at". These were breaking changes and not > entered into lightly, and I was there for those discussions and still > contend that OIDF made the right call. > > If the OIDF wants to frame that decision as "we decided independently to > do a thing for the greater good" as opposed to "we adopted ideas from > outside", then it's free to do so for whatever legal protection reasons it > likes. It's perfectly fine with me that the OIDF represent itself and its > documents how it sees best. But it's not OK with me to discount or > misrepresent the history and provenance of the ideas and components of this > IETF document in the IETF and I'd like to include the modified statement I > posted below in the introduction text of the next revision. > > -- Justin > > On 7/16/2014 8:34 AM, Mike Jones wrote: > > I disagree with one aspect of Justin's characterization of the history > of the spec and have data to back up my disagreement. The OpenID Connect > Dynamic Registration Specification was not based on > draft-ietf-oauth-dyn-reg-00 or the UMA specification. It was created > independently by John Bradley in June 2011 based upon OpenID Connect > working group discussions that predated draft-ietf-oauth-dyn-reg-00, and > for which there are working group notes documenting the OpenID Connect > working group decisions prior to the IETF -00 draft. Yes, there's plenty > of evidence that the IETF -01 draft copied text from the early OpenID > Connect draft (including in the change history), but the Connect authors > were careful to follow the OpenID Foundation's IPR process and not > incorporate contributions from third parties who hadn't signed an OpenID > IPR Contribution Agreement stating that the OpenID Foundation was free to > use their contributions. (This fills the same role as the IETF Note well, > but with a signed agreement, and ensures that all developers can use the > resulting specifications without IPR concerns based on IPR that may be held > by the contributors.) The OpenID Connect Dynamic Registration draft didn't > copy from the UMA draft or the IETF draft derived from it, so as to > maintain the IPR integrity of the OpenID document. The copying all went in > the other direction. > > > > If portions of the UMA draft remained from -00 in the current drafts, > > I'd be fine with the UMA attribution, but in practice they don't. The > > UMA content was replaced with the OpenID Connect content. (I believe > > that eventually UMA decided to drop their old draft and move to > > registration mechanisms that were compatible with Connect as well, and > > stopped using their previous registration data formats.) > > > > -- Mike > > > > -----Original Message----- > > From: Justin Richer [mailto:jricher@MIT.EDU] > > Sent: Wednesday, July 16, 2014 4:53 AM > > To: Hannes Tschofenig; Mike Jones; oauth@ietf.org > > Subject: Re: [OAUTH-WG] Dynamic Client Registration: IPR Confirmation > > > > I like the idea of adding some of the text in the introduction, as I > agree the compatibility is an important (and hard-won) accomplishment. I > think taking Mike's text, expanding it, and putting it in the introduction > might serve the overall purpose just fine: > > > > Portions of this specification are derived from the OpenID Connect > Dynamic Registration [OpenID.Registration] specification and from the User > Managed Access [UMA] specification. This was done so that implementations > of these three specifications will be compatible with one another. > > > > > > These are both informative references, so we can reference the ID for > UMA. > > > > -- Justin > > > > On 7/16/2014 7:44 AM, Hannes Tschofenig wrote: > >> Interesting background information. Maybe we should then extend the > >> note Mike provided to also clarify the relationship with the UMA work > >> (both in terms to IPR, copyright, and attribution-wise). > >> > >> It would also make sense to state the relationship in the > >> introduction to highlight the compatibility, which I believe is a big > accomplishment. > >> > >> Ciao > >> Hannes > >> > >> On 07/16/2014 01:41 PM, Justin Richer wrote: > >>> I thought I had sent this note already, but I don't see it in the > >>> archives or in my 'sent' folder: > >>> > >>> If we're going to point to OpenID Connect (which I'm fine with), > >>> then we should clarify that portions were also taken from the UMA > specification. > >>> In fact, draft -00 actually *was* the UMA specification text entirely. > >>> This is also what the OpenID Connect registration specification was > >>> (loosely) based on when it was started. > >>> > >>> In reality, the relationship between these three documents from > >>> three different SBO's is more complicated: they all grew up together > >>> and effectively merged to become wire-compatible with each other. > >>> There were a number of changes that were discussed here in the IETF > >>> that OpenID Connect adopted, and a number of changes that were > >>> discussed at OIDF that were adopted here. OIDC also extends the IETF > >>> draft with a set of OIDC-specific metadata fields and editorial > >>> language that makes it fit more closely in the OIDC landscape, but > make no mistake: > >>> they're the same protocol. In the case of UMA, it's a straight > >>> normative reference to the IETF document now because we were able to > >>> incorporate those use cases and parameters directly. > >>> > >>> The trouble is, I'm not sure how to concisely state that all that in > >>> the draft text, but it's not as simple as "we copied OpenID", which > >>> is what the text below seems to say. > >>> > >>> -- Justin > >>> > >>> On 7/16/2014 6:17 AM, Hannes Tschofenig wrote: > >>>> Thanks, Mike. > >>>> > >>>> This is a useful addition and reflects the relationship between the > >>>> two efforts. > >>>> > >>>> Please add it to the next draft version. > >>>> > >>>> Ciao > >>>> Hannes > >>>> > >>>> On 07/15/2014 09:46 PM, Mike Jones wrote: > >>>>> So that the working group has concrete language to consider, > >>>>> propose the following language to the OAuth Dynamic Client > Registration specification: > >>>>> > >>>>> > >>>>> > >>>>> Portions of this specification are derived from the OpenID Connect > >>>>> Dynamic Registration [OpenID.Registration] specification. This > >>>>> was done so that implementations of this specification and OpenID > >>>>> Connect Dynamic Registration can be compatible with one another. > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> Mike > >>>>> > >>>>> > >>>>> > >>>>> *From:*OAuth [mailto:oauth-bounces@ietf.org] *On Behalf Of *Mike > >>>>> Jones > >>>>> *Sent:* Tuesday, July 08, 2014 7:15 PM > >>>>> *To:* Phil Hunt; Hannes Tschofenig > >>>>> *Cc:* Maciej Machulak; oauth@ietf.org > >>>>> *Subject:* Re: [OAUTH-WG] Dynamic Client Registration: IPR > >>>>> Confirmation > >>>>> > >>>>> > >>>>> > >>>>> Thinking about this some more, there is one IPR issue that we need > >>>>> to address before publication. This specification is a derivative > >>>>> work from the OpenID Connect Dynamic Registration specification > >>>>> http://openid.net/specs/openid-connect-registration-1_0.html. > >>>>> Large portions of the text were copied wholesale from that spec to > >>>>> this one, so that the two would be compatible. (This is good > >>>>> thing – not a bad > >>>>> thing.) > >>>>> > >>>>> > >>>>> > >>>>> This is easy to address from an IPR perspective – simply > >>>>> acknowledge that this spec is a derivative work and provide proper > >>>>> attribution. The OpenID copyright in the spec at > >>>>> http://openid.net/specs/openid-connect-registration-1_0.html#Notic > >>>>> e s allows for this resolution. It says: > >>>>> > >>>>> > >>>>> > >>>>> Copyright (c) 2014 The OpenID Foundation. > >>>>> > >>>>> The OpenID Foundation (OIDF) grants to any Contributor, developer, > >>>>> implementer, or other interested party a non-exclusive, royalty > >>>>> free, worldwide copyright license to reproduce, prepare derivative > >>>>> works from, distribute, perform and display, this Implementers > >>>>> Draft or Final Specification solely for the purposes of (i) > >>>>> developing specifications, and (ii) implementing Implementers > >>>>> Drafts and Final Specifications based on such documents, provided > >>>>> that attribution be made to the OIDF as the source of the > >>>>> material, but that such attribution does not indicate an endorsement > by the OIDF. > >>>>> > >>>>> Let’s add the reference and acknowledgment in the next version. > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> Mike > >>>>> > >>>>> > >>>>> > >>>>> *From:*Mike Jones > >>>>> *Sent:* Tuesday, July 08, 2014 10:06 AM > >>>>> *To:* Phil Hunt; Hannes Tschofenig > >>>>> *Cc:* John Bradley; Justin Richer; Maciej Machulak; oauth@ietf.org > >>>>> <mailto:oauth@ietf.org> > >>>>> *Subject:* RE: Dynamic Client Registration: IPR Confirmation > >>>>> > >>>>> > >>>>> > >>>>> I likewise do not hold any IPR on these specs. > >>>>> > >>>>> ------------------------------------------------------------------ > >>>>> - > >>>>> ----- > >>>>> > >>>>> *From: *Phil Hunt <mailto:phil.hunt@oracle.com> > >>>>> *Sent: *7/8/2014 9:11 AM > >>>>> *To: *Hannes Tschofenig <mailto:hannes.tschofenig@gmx.net> > >>>>> *Cc: *Mike Jones <mailto:Michael.Jones@microsoft.com>; John > >>>>> Bradley <mailto:ve7jtb@ve7jtb.com>; Justin Richer > >>>>> <mailto:jricher@mitre.org>; Maciej Machulak > >>>>> <mailto:m.p.machulak@ncl.ac.uk>; oauth@ietf.org > >>>>> <mailto:oauth@ietf.org> > >>>>> *Subject: *Re: Dynamic Client Registration: IPR Confirmation > >>>>> > >>>>> I confirm I have no IPR disclosures on this document. > >>>>> > >>>>> Phil > >>>>> > >>>>>> On Jul 8, 2014, at 4:54, Hannes Tschofenig < > hannes.tschofenig@gmx.net <mailto:hannes.tschofenig@gmx.net>> wrote: > >>>>>> > >>>>>> Hi Phil, John, Maciej, Justin, Mike, > >>>>>> > >>>>>> I am working on the shepherd writeup for the dynamic client > >>>>>> registration document and one item in the template requires me to > >>>>>> indicate whether each document author has confirmed that any and > >>>>>> all appropriate IPR disclosures required for full conformance > >>>>>> with the provisions of BCP 78 and BCP 79 have already been filed. > >>>>>> > >>>>>> Could you please confirm? > >>>>>> > >>>>>> Ciao > >>>>>> Hannes > >>>>>> > >>>>>> > >>>> _______________________________________________ > >>>> OAuth mailing list > >>>> OAuth@ietf.org > >>>> https://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- Maciej Machulak email: maciej.machulak@gmail.com mobile: +44 7999 606 767 (UK) mobile: +48 602 45 31 66 (PL)
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Justin Richer
- [OAUTH-WG] Dynamic Client Registration: IPR Confi… Hannes Tschofenig
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… John Bradley
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Phil Hunt
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Mike Jones
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Mike Jones
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… John Bradley
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Mike Jones
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Maciej Machulak
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Hannes Tschofenig
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Justin Richer
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Hannes Tschofenig
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Maciej Machulak
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Justin Richer
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Mike Jones
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Justin Richer
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Mike Jones
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Maciej Machulak
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Justin Richer
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… John Bradley