[OAUTH-WG] Copyright and IPR Question regarding IETF OAuth Dynamic Client Registration Specification
Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 21 August 2014 12:04 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5287A1A6EF9 for <oauth@ietfa.amsl.com>; Thu, 21 Aug 2014 05:04:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level:
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fBEWuIA1oXI7 for <oauth@ietfa.amsl.com>; Thu, 21 Aug 2014 05:04:36 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C098B1A6EF4 for <oauth@ietf.org>; Thu, 21 Aug 2014 05:04:35 -0700 (PDT)
Received: from [172.16.254.105] ([80.92.114.129]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0MLA45-1XKA7L1Su9-000IGc; Thu, 21 Aug 2014 14:04:15 +0200
Message-ID: <53F5E16A.60200@gmx.net>
Date: Thu, 21 Aug 2014 14:09:14 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: cntreras@gmail.com, sob@harvard.edu
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="CnIxhjQ8Uc9dwIff3LjMVklNWAC6q0QIN"
X-Provags-ID: V03:K0:twqWKIXMTbe/NFbs87EOEWvtbv0JXxRnnx31GK2sB0ryuCL/2sH LEhSCUbjDXodGF4dYpp/3EI17a3lRF7YsBhcaHdThxiCAlPB2XiJ6M0ch4uiIJvh1rLcBt0 FlzH6v4Go0xowyCSpDjqEn/4L7LrsAMB/ceYV/T0EVZxqNVe3xuPftBR5Ym3X1xExABkX2n vc5zsmmv01qMi/zrZhfKw==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/vVTpycM50gf2he38Xchdk0YE44k
Cc: Maciej Machulak <m.p.machulak@ncl.ac.uk>, Derek Atkins <derek@ihtfp.com>, "oauth@ietf.org" <oauth@ietf.org>
Subject: [OAUTH-WG] Copyright and IPR Question regarding IETF OAuth Dynamic Client Registration Specification
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Aug 2014 12:04:38 -0000
Hi Jorge, Hi Scott, we need your advice in the OAuth working group. We are about to finalize a specification called 'Dynamic Client Registration' (http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-19) and this document intentionally harmonizes work done in two other organizations, namely in Kantara and in the OpenID Foundation. As part of this harmonization text was copied from specifications developed by these two organizations. When I did my shepherd write-up the question about potential copyright and IPR issues surfaced. Currently, we have put the following text into draft-ietf-oauth-dyn-reg-19 to reference and acknowledge the work done in UMA and in the OpenID Foundation concerning the history: " Multiple applications using OAuth 2.0 have previously developed mechanisms for accomplishing such registrations. This specification generalizes the registration mechanisms defined by the OpenID Connect Dynamic Client Registration 1.0 [OpenID.Registration] specification and used by the User Managed Access (UMA) Profile of OAuth 2.0 [I-D.hardjono-oauth-umacore] specification in a way that is compatible with both, while being applicable to a wider set of OAuth 2.0 use cases. " The copyright situation with the UMA work might be easier since the UMA working group decided to publish their material as an IETF draft - [I-D.hardjono-oauth-umacore]. The OpenID Connect Registration draft (see http://openid.net/specs/openid-connect-registration-1_0.html) provides information about the copyright by saying: " The OpenID Foundation (OIDF) grants to any Contributor, developer, implementer, or other interested party a non-exclusive, royalty free, worldwide copyright license to reproduce, prepare derivative works from, distribute, perform and display, this Implementers Draft or Final Specification solely for the purposes of (i) developing specifications, and (ii) implementing Implementers Drafts and Final Specifications based on such documents, provided that attribution be made to the OIDF as the source of the material, but that such attribution does not indicate an endorsement by the OIDF. " I believe we are OK copying text from your specifications but the IPR situation is unclear to me since the IPR rules of these two organizations are different to those in the IETF. The IPR policies of the two organizations are described here: http://openid.net/intellectual-property/ http://kantarainitiative.org/confluence/download/attachments/2293776/Kantara%20Initiative%20IPR%20Policies%20_V1.1_.pdf I put the co-chairs of the Kantara UMA working group (see http://kantarainitiative.org/confluence/display/uma/Home) and the chairman of the OpenID Foundation (see http://openid.net/foundation/leadership/) on CC to help with potential questions. They are well aware of the IETF work on the dynamic client registration specification. Thanks for your help. Ciao Hannes & Derek
- [OAUTH-WG] Copyright and IPR Question regarding I… Hannes Tschofenig