Starting work on the shibboleth-sp2 packages
cantor.2 at osu.edu
Tue Jun 24 19:32:49 UTC 2008
> Hm, at first glance, if OASIS is happy with copying of those parts of the
> standard without any copyright notice, I wonder if they consider them
> copyrightable. One could make a strong argument that a schema document
> itself is a functional interface specification and hence isn't
> copyrightable under US law.
It's news to me that you can't copyright a header file (people do it all the
time). I don't see much difference here.
> According to the OASIS page, the general copyright for the specifications
> themselves is somewhat problematic, but it's not clear if that covers the
It most likely does, and it's just an oversight or lack of attention that
the schemas don't carry the same notice.
> I could argue that excerpting the schemas falls under the above license
> grant, but it's not clear that modifying the schemas to develop another
> protocol based on SAML would be covered, which would be a problem from the
> DFSG perspective.
Schemas aside, if you did that you'd be running into all the IPR on SAML
itself, which has non-assertion covenants only insofar as one is
implementing the specification.
Since some of that IPR is very generic, any web SSO technology is inevitably
going to infringe (or, as I suspect, render the patents themselves invalid
through prior art, but nobody's going to spend the money to fight them).
In other words, as an example, OpenID is probably encumbered, but gets a
free pass because they don't try to clarify their situation. That attitude
is prevalent in the ASF, for example; I call it "don't ask, don't tell".
> Has OASIS ever commented one way or the other on your use of the schemas
> or on any copyright notices that might be required for them?
Not that I recall.
> The W3C documents were more of a concern because they contain large blocks
> of text which is copyrightable in its own right. The OASIS schemas don't
> contain enough English text to be copyrightable independently of the rest
> of the schema, only at most brief revision histories, so if the schemas
> fall under the interface exception to US copyright law, there probably
> isn't a problem.
I'm not familiar with the exception.
More information about the Pkg-shibboleth-devel