Re: [OAUTH-WG] Dynamic Client Registration: IPR Confirmation
Justin Richer <jricher@mitre.org> Wed, 16 July 2014 15:45 UTC
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCF1C1B28CD for <oauth@ietfa.amsl.com>; Wed, 16 Jul 2014 08:45:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.85
X-Spam-Level:
X-Spam-Status: No, score=-4.85 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iD0bnpoyI_8Z for <oauth@ietfa.amsl.com>; Wed, 16 Jul 2014 08:45:16 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id F20451A0654 for <oauth@ietf.org>; Wed, 16 Jul 2014 08:45:15 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 7A0511F1071; Wed, 16 Jul 2014 11:45:15 -0400 (EDT)
Received: from IMCCAS03.MITRE.ORG (imccas03.mitre.org [129.83.29.80]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 67D141F108A; Wed, 16 Jul 2014 11:45:15 -0400 (EDT)
Received: from [10.146.15.61] (10.140.19.249) by IMCCAS03.MITRE.ORG (129.83.29.80) with Microsoft SMTP Server (TLS) id 14.3.174.1; Wed, 16 Jul 2014 11:45:15 -0400
Message-ID: <53C69DE6.30001@mitre.org>
Date: Wed, 16 Jul 2014 11:44:38 -0400
From: Justin Richer <jricher@mitre.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Maciej Machulak <maciej.machulak@gmail.com>, Mike Jones <Michael.Jones@microsoft.com>
References: <53BBDBEE.703@gmx.net> <BE6275F6-27D0-4A7A-ABA2-18B571BFDF18@oracle.com> <4E1F6AAD24975D4BA5B16804296739439ADA02B7@TK5EX14MBXC294.redmond.corp.microsoft.com> <4E1F6AAD24975D4BA5B16804296739439ADA1766@TK5EX14MBXC294.redmond.corp.microsoft.com> <4E1F6AAD24975D4BA5B16804296739439ADAB98C@TK5EX14MBXC294.redmond.corp.microsoft.com> <53C65120.4020302@gmx.net> <53C664DC.50907@mit.edu> <53C665B0.7040708@gmx.net> <53C66797.1040509@mit.edu> <4E1F6AAD24975D4BA5B16804296739439ADCB3B3@TK5EX14MBXC294.redmond.corp.microsoft.com> <53C675F1.9080102@mit.edu> <4E1F6AAD24975D4BA5B16804296739439ADCB58E@TK5EX14MBXC294.redmond.corp.microsoft.com> <CA+c2x_VyUbeKWZNA3qZBABD96MoyvP7wuSN+z_RQ8cvMRWJx8w@mail.gmail.com>
In-Reply-To: <CA+c2x_VyUbeKWZNA3qZBABD96MoyvP7wuSN+z_RQ8cvMRWJx8w@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------020705050308060608060908"
X-Originating-IP: [10.140.19.249]
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/Zvq2Ns_-CURT2LlpMjyCjrgJL4w
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Dynamic Client Registration: IPR Confirmation
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Jul 2014 15:45:24 -0000
Since it's an information reference, I would like to reference the as-of-now-current ID for UMA: http://tools.ietf.org/html/draft-hardjono-oauth-umacore-09 -- Justin On 07/16/2014 10:12 AM, Maciej Machulak wrote: > Mike, > > See comments below: > > On 16 July 2014 15:54, Mike Jones <Michael.Jones@microsoft.com > <mailto:Michael.Jones@microsoft.com>> wrote: > > OK - looking back at the parameter name change example, I agree > that this was first discussed in the OAuth WG and was adopted by > both specs at about the same time, so I agree that that's an > example of information flowing in the other direction. (I doubt > that anyone will assert IPR about a parameter name change, so I > suspect that instance was innocuous.) When some of the same > people were in two working groups doing highly related things, I > suppose some of that was bound to happen, despite the best of > intentions. However, it's still my assertion that the core > inventions in Connect Registration were independently developed, > syntax tweaks made later for compatibility reasons aside. > > Be that as it may, and having thought about it some more, I'm not > going to stand in the way of acknowledging UMA in the OAuth > Registration spec if people believe that that's the right thing to > do. People who know me know that I'm all in favor of giving > credit where credit is due. I'd thought that all the UMA content > had been replaced, but if I'm wrong about that, so be it. > > > That is fine - if the content has been removed then just don't give > the credit - I'm fine both ways. > > > What would be the right reference for the UMA registration > specification in the acknowledgement? > > > This is the latest doc that was ever produced, as far as I am aware of: > http://tools.ietf.org/html/draft-oauth-dyn-reg-v1-03 > > Kind regards, > Maciej > > > -- Mike > > -----Original Message----- > From: Justin Richer [mailto:jricher@MIT.EDU <mailto:jricher@MIT.EDU>] > Sent: Wednesday, July 16, 2014 5:54 AM > To: Mike Jones; Hannes Tschofenig; oauth@ietf.org > <mailto:oauth@ietf.org> > Subject: Re: [OAUTH-WG] Dynamic Client Registration: IPR Confirmation > > It's quite true that the OIDC draft predates -00 of the IETF > draft, and I'm sorry if that was unclear from what I said as I was > not intending to misrepresent the history. And it's true that the > UMA draft predates both of these by a fair whack and at the very > least provided inspiration in how to accomplish this task, and in > fact draft -00 was a straight copy of UMA. As Mike mentions below, > draft -01 (when I took over the editor > role) incorporates a lot of text from the OIDF draft alongside the > UMA text, which is why that document has eight authors on it. > > However it's not true that information didn't flow both ways, or > that everything from UMA was eventually expunged. It's fairly > clear if you look at the document history that there was a lot of > back and forth. The JSON formatting in the IETF draft, for > example, exists in -00 and came from UMA, was switched to form > encoding from in -01 (from OIDC), and with lots of discussion here > in the WG (both before and after the > change) was switched back to JSON in -05. At that time, there was > a discussion in the OIDF working group of whether to adopt the > JSON formatting as well in order to maintain compatibility, and > OIDF decided to do so. There were other instances where parameter > names and other ideas began in the IETF and moved to OIDF's spec, > like changing "issued_at" to the more clear "client_id_issued_at". > These were breaking changes and not entered into lightly, and I > was there for those discussions and still contend that OIDF made > the right call. > > If the OIDF wants to frame that decision as "we decided > independently to do a thing for the greater good" as opposed to > "we adopted ideas from outside", then it's free to do so for > whatever legal protection reasons it likes. It's perfectly fine > with me that the OIDF represent itself and its documents how it > sees best. But it's not OK with me to discount or misrepresent the > history and provenance of the ideas and components of this IETF > document in the IETF and I'd like to include the modified > statement I posted below in the introduction text of the next > revision. > > -- Justin > > On 7/16/2014 8:34 AM, Mike Jones wrote: > > I disagree with one aspect of Justin's characterization of the > history of the spec and have data to back up my disagreement. The > OpenID Connect Dynamic Registration Specification was not based on > draft-ietf-oauth-dyn-reg-00 or the UMA specification. It was > created independently by John Bradley in June 2011 based upon > OpenID Connect working group discussions that predated > draft-ietf-oauth-dyn-reg-00, and for which there are working group > notes documenting the OpenID Connect working group decisions prior > to the IETF -00 draft. Yes, there's plenty of evidence that the > IETF -01 draft copied text from the early OpenID Connect draft > (including in the change history), but the Connect authors were > careful to follow the OpenID Foundation's IPR process and not > incorporate contributions from third parties who hadn't signed an > OpenID IPR Contribution Agreement stating that the OpenID > Foundation was free to use their contributions. (This fills the > same role as the IETF Note well, but with a signed agreement, and > ensures that all developers can use the resulting specifications > without IPR concerns based on IPR that may be held by the > contributors.) The OpenID Connect Dynamic Registration draft > didn't copy from the UMA draft or the IETF draft derived from it, > so as to maintain the IPR integrity of the OpenID document. The > copying all went in the other direction. > > > > If portions of the UMA draft remained from -00 in the current > drafts, > > I'd be fine with the UMA attribution, but in practice they > don't. The > > UMA content was replaced with the OpenID Connect content. (I > believe > > that eventually UMA decided to drop their old draft and move to > > registration mechanisms that were compatible with Connect as > well, and > > stopped using their previous registration data formats.) > > > > -- Mike > > > > -----Original Message----- > > From: Justin Richer [mailto:jricher@MIT.EDU > <mailto:jricher@MIT.EDU>] > > Sent: Wednesday, July 16, 2014 4:53 AM > > To: Hannes Tschofenig; Mike Jones; oauth@ietf.org > <mailto:oauth@ietf.org> > > Subject: Re: [OAUTH-WG] Dynamic Client Registration: IPR > Confirmation > > > > I like the idea of adding some of the text in the introduction, > as I agree the compatibility is an important (and hard-won) > accomplishment. I think taking Mike's text, expanding it, and > putting it in the introduction might serve the overall purpose > just fine: > > > > Portions of this specification are derived from the OpenID > Connect Dynamic Registration [OpenID.Registration] specification > and from the User Managed Access [UMA] specification. This was > done so that implementations of these three specifications will be > compatible with one another. > > > > > > These are both informative references, so we can reference the > ID for UMA. > > > > -- Justin > > > > On 7/16/2014 7:44 AM, Hannes Tschofenig wrote: > >> Interesting background information. Maybe we should then extend the > >> note Mike provided to also clarify the relationship with the > UMA work > >> (both in terms to IPR, copyright, and attribution-wise). > >> > >> It would also make sense to state the relationship in the > >> introduction to highlight the compatibility, which I believe is > a big accomplishment. > >> > >> Ciao > >> Hannes > >> > >> On 07/16/2014 01:41 PM, Justin Richer wrote: > >>> I thought I had sent this note already, but I don't see it in the > >>> archives or in my 'sent' folder: > >>> > >>> If we're going to point to OpenID Connect (which I'm fine with), > >>> then we should clarify that portions were also taken from the > UMA specification. > >>> In fact, draft -00 actually *was* the UMA specification text > entirely. > >>> This is also what the OpenID Connect registration > specification was > >>> (loosely) based on when it was started. > >>> > >>> In reality, the relationship between these three documents from > >>> three different SBO's is more complicated: they all grew up > together > >>> and effectively merged to become wire-compatible with each other. > >>> There were a number of changes that were discussed here in the > IETF > >>> that OpenID Connect adopted, and a number of changes that were > >>> discussed at OIDF that were adopted here. OIDC also extends > the IETF > >>> draft with a set of OIDC-specific metadata fields and editorial > >>> language that makes it fit more closely in the OIDC landscape, > but make no mistake: > >>> they're the same protocol. In the case of UMA, it's a straight > >>> normative reference to the IETF document now because we were > able to > >>> incorporate those use cases and parameters directly. > >>> > >>> The trouble is, I'm not sure how to concisely state that all > that in > >>> the draft text, but it's not as simple as "we copied OpenID", > which > >>> is what the text below seems to say. > >>> > >>> -- Justin > >>> > >>> On 7/16/2014 6:17 AM, Hannes Tschofenig wrote: > >>>> Thanks, Mike. > >>>> > >>>> This is a useful addition and reflects the relationship > between the > >>>> two efforts. > >>>> > >>>> Please add it to the next draft version. > >>>> > >>>> Ciao > >>>> Hannes > >>>> > >>>> On 07/15/2014 09:46 PM, Mike Jones wrote: > >>>>> So that the working group has concrete language to consider, > >>>>> propose the following language to the OAuth Dynamic Client > Registration specification: > >>>>> > >>>>> > >>>>> > >>>>> Portions of this specification are derived from the OpenID > Connect > >>>>> Dynamic Registration [OpenID.Registration] specification. This > >>>>> was done so that implementations of this specification and > OpenID > >>>>> Connect Dynamic Registration can be compatible with one another. > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> Mike > >>>>> > >>>>> > >>>>> > >>>>> *From:*OAuth [mailto:oauth-bounces@ietf.org > <mailto:oauth-bounces@ietf.org>] *On Behalf Of *Mike > >>>>> Jones > >>>>> *Sent:* Tuesday, July 08, 2014 7:15 PM > >>>>> *To:* Phil Hunt; Hannes Tschofenig > >>>>> *Cc:* Maciej Machulak; oauth@ietf.org <mailto:oauth@ietf.org> > >>>>> *Subject:* Re: [OAUTH-WG] Dynamic Client Registration: IPR > >>>>> Confirmation > >>>>> > >>>>> > >>>>> > >>>>> Thinking about this some more, there is one IPR issue that > we need > >>>>> to address before publication. This specification is a > derivative > >>>>> work from the OpenID Connect Dynamic Registration specification > >>>>> http://openid.net/specs/openid-connect-registration-1_0.html. > >>>>> Large portions of the text were copied wholesale from that > spec to > >>>>> this one, so that the two would be compatible. (This is good > >>>>> thing -- not a bad > >>>>> thing.) > >>>>> > >>>>> > >>>>> > >>>>> This is easy to address from an IPR perspective -- simply > >>>>> acknowledge that this spec is a derivative work and provide > proper > >>>>> attribution. The OpenID copyright in the spec at > >>>>> > http://openid.net/specs/openid-connect-registration-1_0.html#Notic > >>>>> e s allows for this resolution. It says: > >>>>> > >>>>> > >>>>> > >>>>> Copyright (c) 2014 The OpenID Foundation. > >>>>> > >>>>> The OpenID Foundation (OIDF) grants to any Contributor, > developer, > >>>>> implementer, or other interested party a non-exclusive, royalty > >>>>> free, worldwide copyright license to reproduce, prepare > derivative > >>>>> works from, distribute, perform and display, this Implementers > >>>>> Draft or Final Specification solely for the purposes of (i) > >>>>> developing specifications, and (ii) implementing Implementers > >>>>> Drafts and Final Specifications based on such documents, > provided > >>>>> that attribution be made to the OIDF as the source of the > >>>>> material, but that such attribution does not indicate an > endorsement by the OIDF. > >>>>> > >>>>> Let's add the reference and acknowledgment in the next version. > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> Mike > >>>>> > >>>>> > >>>>> > >>>>> *From:*Mike Jones > >>>>> *Sent:* Tuesday, July 08, 2014 10:06 AM > >>>>> *To:* Phil Hunt; Hannes Tschofenig > >>>>> *Cc:* John Bradley; Justin Richer; Maciej Machulak; > oauth@ietf.org <mailto:oauth@ietf.org> > >>>>> <mailto:oauth@ietf.org <mailto:oauth@ietf.org>> > >>>>> *Subject:* RE: Dynamic Client Registration: IPR Confirmation > >>>>> > >>>>> > >>>>> > >>>>> I likewise do not hold any IPR on these specs. > >>>>> > >>>>> > ------------------------------------------------------------------ > >>>>> - > >>>>> ----- > >>>>> > >>>>> *From: *Phil Hunt <mailto:phil.hunt@oracle.com > <mailto:phil.hunt@oracle.com>> > >>>>> *Sent: *?7/?8/?2014 9:11 AM > >>>>> *To: *Hannes Tschofenig <mailto:hannes.tschofenig@gmx.net > <mailto:hannes.tschofenig@gmx.net>> > >>>>> *Cc: *Mike Jones <mailto:Michael.Jones@microsoft.com > <mailto:Michael.Jones@microsoft.com>>; John > >>>>> Bradley <mailto:ve7jtb@ve7jtb.com > <mailto:ve7jtb@ve7jtb.com>>; Justin Richer > >>>>> <mailto:jricher@mitre.org <mailto:jricher@mitre.org>>; > Maciej Machulak > >>>>> <mailto:m.p.machulak@ncl.ac.uk > <mailto:m.p.machulak@ncl.ac.uk>>; oauth@ietf.org > <mailto:oauth@ietf.org> > >>>>> <mailto:oauth@ietf.org <mailto:oauth@ietf.org>> > >>>>> *Subject: *Re: Dynamic Client Registration: IPR Confirmation > >>>>> > >>>>> I confirm I have no IPR disclosures on this document. > >>>>> > >>>>> Phil > >>>>> > >>>>>> On Jul 8, 2014, at 4:54, Hannes Tschofenig > <hannes.tschofenig@gmx.net <mailto:hannes.tschofenig@gmx.net> > <mailto:hannes.tschofenig@gmx.net > <mailto:hannes.tschofenig@gmx.net>>> wrote: > >>>>>> > >>>>>> Hi Phil, John, Maciej, Justin, Mike, > >>>>>> > >>>>>> I am working on the shepherd writeup for the dynamic client > >>>>>> registration document and one item in the template requires > me to > >>>>>> indicate whether each document author has confirmed that > any and > >>>>>> all appropriate IPR disclosures required for full conformance > >>>>>> with the provisions of BCP 78 and BCP 79 have already been > filed. > >>>>>> > >>>>>> Could you please confirm? > >>>>>> > >>>>>> Ciao > >>>>>> Hannes > >>>>>> > >>>>>> > >>>> _______________________________________________ > >>>> OAuth mailing list > >>>> OAuth@ietf.org <mailto:OAuth@ietf.org> > >>>> https://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org <mailto:OAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/oauth > > > > > -- > Maciej Machulak > email: maciej.machulak@gmail.com <mailto:maciej.machulak@gmail.com> > mobile: +44 7999 606 767 (UK) > mobile: +48 602 45 31 66 (PL) > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Justin Richer
- [OAUTH-WG] Dynamic Client Registration: IPR Confi… Hannes Tschofenig
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… John Bradley
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Phil Hunt
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Mike Jones
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Mike Jones
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… John Bradley
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Mike Jones
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Maciej Machulak
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Hannes Tschofenig
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Justin Richer
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Hannes Tschofenig
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Maciej Machulak
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Justin Richer
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Mike Jones
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Justin Richer
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Mike Jones
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Maciej Machulak
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… Justin Richer
- Re: [OAUTH-WG] Dynamic Client Registration: IPR C… John Bradley