IPR Policy Meeting June 5

Contents 1 OpenID IPR Policy Creation Notes 1.1 Goals 1.2 Attending 1.3 Major Principles 1.4 High Level Topics 1.4.1 Types of Intellectual Property 1.4.1.1 Copyright 1.4.1.2 Patents 1.4.1.3 Trade Secrets 1.4.2 Scope 1.4.3 Identification of Contributors 1.4.4 Disclosure 1.5 Next Steps

OpenID IPR Policy Creation Notes

June 5, 2007

Hosted by VeriSign in Mountain View CA

Goals

1. Further discuss areas of contention, agreement, and requirements among large corporations in the context of the first draft of an OpenID IPR Policy and Process (http://openid.net/wiki/index.php/Formal_IPR_Policy).
2. Achieve an agreement in principle about the IPR direction and major elements of a resulting policy.
3. Identify the more difficult or controversial issues and ways to address them moving forward.
4. End the meeting with clear next steps leading to a second draft of the policy which would, in principle, be satisfactory to the participants.

Attending

It should be noted that attendance makes no representation as to commitment to OpenID or efforts around it. Rather a variety of large service providers were invited to provide feedback on the IPR policy being developed.

• Gabe Wachob – Amsoft and the OpenID Foundation
• Terry Hayes – AOL representing George Fletcher
• David Daggett – representing Ron Moore of Microsoft
• Mike Jones – Microsoft
• Johannes Ernst – NetMesh and the OpenID Foundation
• Bill Washburn – OpenID Foundation
• Jonathan Nimer – SUN representing Bill Smith
• Brian Hernacki – Symantec
• David Recordon – VeriSign and the OpenID Foundation
• Judith Szepesi – VeriSign
• Michael Chen Lee – Yahoo!
• Shreyas Doshi – Yahoo!

Major Principles

The following are principals of the OpenID community that must be maintained in the creation of any IPR policy and framework to support the community.

1. OpenID must be freely and broadly available, to individuals, the largest of corporations and governments, and everyone in between.
2. Any policy created must support the international nature of the OpenID community and thus be appropriate both inside and outside of the United States and North America.
3. The resulting policy must enable participants to limit the scope of their contributions, including the ability to explicitly exclude intellectual property they do not wish to contribute.
4. There must be no requirement to pay to use OpenID.
5. Any sort of licenses or other rights to implement approved, final specifications must be granted automatically to implementers and users.

Note: As used in this document, “use” of OpenID means use or implementation of normative portions of any approved, final OpenID specification within the bounds of the agreed broad working scope.

High Level Topics

Types of Intellectual Property

Copyright

• It is recommended that the copyright in contributions would continue to be held by each of the individual contributors which when becoming a contributor would agree to freely license copyrights in their contributions to the OpenID Foundation for use to develop and promulgate OpenID specifications and for related uses.
• The role of editing the specifications would be performed by a representative of the Foundation (we need to examine what this means practically) so that the Foundation would hold the resulting aggregate copyright of the finished specification.
• The Foundation would then license copyrights in the resulting specification in an appropriate manner to be agreed upon within the community such as a Creative Commons style license.

Patents

• The major focus of this policy will be on patents and the majority of the discussion can be found in the disclosure section of these notes.

Trade Secrets

• This policy will not be dealing with trade secrets as all OpenID specification development covered occurs in a non-confidential setting.

Scope

1. The identified scope should be minimal to the specification’s intellectual property. Questions surrounding intellectual property that sits at the edge of a specification will have to be dealt with on a case by case basis.
2. The policy should protect contributors, implementers, and users in a symmetrical fashion. (This already maps to the Microsoft Open Specification Promise or the SUN or VeriSign issued OpenID Non-Assertion Covenants)
3. Licensing should be on a per-specification, per-version basis. When new versions of an existing specification are released, contributors are unable to revoke existing licenses or rights in a prior specification version, although contributors are not required to license or extend rights in necessary claims in the delta between the specification versions.
4. As it is nearly impossible to define a scope at the beginning of a specification drafting process to the degree needed to make IPR commitments while allowing the specification to naturally evolve during its development, it will not be a requirement of the IPR policy to do so. The final “scope” will be determined based upon the proposed final specification, and contributors will have broad rights to exclude necessary claims, during a specific review and exclusion period, before a final specification is approved. Concerns are recognized as to the possibility of a company being able to “torpedo” a specification by pulling out during this review period, though it is felt that the public community ridicule in doing so will help to mitigate these situations.

Identification of Contributors

It was agreed that the easiest method to identify contributors would be for them to self identify upon signing up for, or some other active participation metric, specification development mailing lists. It is envisioned that upon being enabled to post to any specification development mailing list hosted on openid.net (to be identified by the address of specs-*@openid.net) the contributor will first be required to self assert (optimally, in electronic form, although the final form of this assertion is yet to be determined). During the assertion process the contributor will identify the mailing list(s) they wish to participate in, if they are participating as an individual or a corporate representative, and any IPR restrictions associated with their employer.

Resulting contributors will be placed in one of the five categories:

1. Individual avows s/he is an independent individual and all his/her contributions are exclusively self owned – “I stipulate that no other entity has any rights or claims on my contributions.”
2. Individual works for an organization, but entity has no right or claim on any of my contributions (requires statement from employer supporting this assertion).
3. Individual owns none of her/his contributions because employer has ownership rights to all IP contributions. Presumably this will force such individuals to withdraw unless they can get their employer to affirm the company/entity will be bound by the OpenID IPR Policy.
4. Corporate representative is participating, and corporate entity/employer has agreed to be bound by the OpenID IPR policy so that multiple employees can participate versus a “one off” case as described in #3.
5. Other situations – such as individual works as a consultant and multiple assertions must be gathered… etc.

Disclosure

As it is impractical for most corporate participants to be continuously analyzing their patent portfolios in relation to the ongoing specification development, disclosure will not be required at the beginning nor during the drafting process. When becoming a contributor, in addition to the copyright licensing agreement, the contributor would state their intent to license (or equivalent non-assert/OSP) rights to use/implement/etc all necessary claims implicated by the OpenID specifications per the IPR policy, subject to “opting out” (i.e., excluding necessary claims) during a final review period. While the exact length of the review period is currently undefined, other organizations have a 45 day window.

At the end of the final review period, if a contributor does not explicitly opt-out from licensing (or equivalent non-assert/OSP per the IPR policy), all necessary claims (as defined relative to OpenID specifications in the IPR policy) in the approved, final OpenID Specification will be licensed (or be non- assert-able) automatically to the extent provided in the IPR Policy. Other implementers or users of the approved, final OpenID specification are similarly encouraged to license (or to agree not to assert) their applicable patent claims. (There is an ongoing discussion as to if implementers and users should also be required to agree not to assert.) To the extent that such users or implementers timely self-identify, they may be included in the list of companies not asserting IP rights in the approved, final specification when the final specification becomes published.

One open issue is the timing when this IPR review period will occur. It often occurs in conjunction with asking for wider review of the specification from a technical perspective and encouraging the creation of implementations of the specification for testing. This currently happens as part of the OpenID specification drafting process. It is envisioned that the IPR review window will have to occur once the specification is deemed “final” and thus no longer changing from a technical perspective. It must go without saying that anyone providing any feedback to a specification on a specs-*@openid.net list must first become a contributor through the process described above before providing such feedback. To insure that approved, final specifications promulgated by the OpenID Foundation remain freely available for implementation within the bounds of the final scope, all contributions to OpenID specifications must be made subject to the IPR Policy. To effectuate this goal, the OpenID Foundation will not review feedback to a developing specification unless it is provided through a specs-*@openid.net list or otherwise by a contributor to a specs-*@openid.net list.

(There is also an emerging discussion as to if there should be provisions for interim-licensing or non-assertion statements prior to a specification becoming final. This would more cleanly allow for implementations during the drafting periods.)

Next Steps

1. David Daggett will work with Gabe Wachob and David Recordon to draft the next version of the IPR Policy. It is envisioned this will take about two weeks.
2. Once the second draft is created, a similar review process will occur. As always planned, we will be requesting feedback from an even wider group of the OpenID community beyond just large companies.
3. We must start eliciting international feedback and work to coordinate with the OpenID Europe Foundation. We will largely look toward companies with international presences for initial feedback.