OpenID Wiki:IPR Policy

Note: this page will be superceded by Formal IPR Policy when it is complete. Until then, it remains the normative IPR policy for this wiki and the OpenID specifications.

This page contains the proposed IPR (Intellectual Property Rights) policies that all participants in the OpenID community, as embodied by OpenID.net, agree to abide by for the protection of all members of the community. They include:

1. The proposed text to be included as the copyright statement in all OpenID specifications.
2. The proposed patent policy that applies to all OpenID specifications.
3. The proposed committer license that applies to all contributions to the OpenID wiki contents and documents.

These were drafted by Gabe Wachob and David Recordon. Feedback is actively solicited via the OpenID General mailing list.

Contents 1 Copyright License 2 Patent Policy 2.1 Open Issues 3 Contributor License Agreement (CLA) for Committers

Copyright License

This specification is (C) 2005-2006 by the authors. However, the authors intend to submit this specification to a standards body with a liberal copyright/licensing policy such as the IETF (http://ietf.org), W3C (http://w3.org) and/or OASIS (http://www.oasis-open.org). Anyone wishing to contribute should read their copyright principles, policies and licenses (e.g. the GMPG Principles (http://gmpg.org/principles)) and agree to them, including licensing of all contributions under all required licenses (e.g. CC-by 1.0 (http://creativecommons.org/licenses/by/1.0/) and later), before contributing.

Patent Policy

"If you have a patent that applies, either license it for free or go away, but you have to tell us either way."

The intent of this group is to produce standards and technologies that are free from patent encumbrances. If you post to any of the openid.net email lists, with the exception of announce@openid.net, you are required to disclose any potential patent claims, either in pending applications or in issued patents, that would be considered Essential Claims per the OASIS IPR policy of April 15, 2005 (http://www.oasis-open.org/who/intellectualproperty.php).

If you have these claims, you MUST disclose them to the list (mailto:specs@openid.net), and you MUST offer either a royalty free license, a covenant of non-assertion, or equivalent promise which would satisfy both the terms of the OASIS Royalty-Free (Limited Terms) and W3C Patent Policies (http://www.w3.org/Consortium/Patent-Policy-20040205/). If you do not disclose your claims or do not execute a license/non-assertion covenant and you remain subscribed to the above mentioned lists, then you are creating an implicit license which satisfies both the OASIS Royalty-Free (Limited Terms) and W3C Patent Policies for use of the patented claims for any of the OpenID specifications

Individuals subscribed to the list are expected to represent their employers, and subject them to these requirements, if they use a domain name in their email subscription which belongs to their employers, or if they contain a reference to their employer in the emails sent to the list.

Open Issues

1) Does the requirement of disclosure for non-published patent applications cause problems?

2) Is the definition of "Essential Claim" really good enough because in the OpenID world, its not always clear what the specification being developed is? That is, the process is so loose that its not clear when a disclosure requirement would be triggered because its not clear when a patent claim would be considered implicated by a specification under discussion?

3) At least one member of the community has suggested that the language around "requiring a license" isn't strong enough for enabling open source implementations - that language which creates an implied license, estoppel, etc that bars enforcement of a patent claim merely by contributing should be in the language. This is not common in most standards bodies because typically a participant has a right to withdraw from the process and retain their right to enforce their patent claims. Also, its not clear how enforceable such a term would be, from a legal standpoint.

4) Should there be a termination clause that applies to all licenses granted to a party who sues? In OASIS & W3C (standards bodies), only those licenses from the party being sued are terminated. In Apache (a software devel group), the licesnses from *all* parties may be terminated. To me (=GabeW), this distinction doesn't seem important - since the lack of a license for single essential claim means that you can't use/implement the spec, so isn't this as effective as lacking the license for multiple claims? In other words, doesn't the threat of lacking the license for one essential claim because of litigation create effectively the same disincentive as lacking a license for all the essential claims?

Contributor License Agreement (CLA) for Committers

As a committer, I assert that I have the right to add the content that I am committing, and that I am not aware of any patent or other claims that would require the use of or in any way be covered by any intellectual property which is not disclosed and licensed per the OpenID patent policy.