Starting work on the shibboleth-sp2 packages

Scott Cantor cantor.2 at osu.edu
Tue Jun 24 19:32:49 UTC 2008


> Hm, at first glance, if OASIS is happy with copying of those parts of the
> standard without any copyright notice, I wonder if they consider them
> copyrightable.  One could make a strong argument that a schema document
> itself is a functional interface specification and hence isn't
> copyrightable under US law.

It's news to me that you can't copyright a header file (people do it all the
time). I don't see much difference here.

> According to the OASIS page, the general copyright for the specifications
> themselves is somewhat problematic, but it's not clear if that covers the
> schema:

It most likely does, and it's just an oversight or lack of attention that
the schemas don't carry the same notice.

> I could argue that excerpting the schemas falls under the above license
> grant, but it's not clear that modifying the schemas to develop another
> protocol based on SAML would be covered, which would be a problem from the
> DFSG perspective.

Schemas aside, if you did that you'd be running into all the IPR on SAML
itself, which has non-assertion covenants only insofar as one is
implementing the specification.

http://www.oasis-open.org/committees/security/ipr.php

Since some of that IPR is very generic, any web SSO technology is inevitably
going to infringe (or, as I suspect, render the patents themselves invalid
through prior art, but nobody's going to spend the money to fight them).

In other words, as an example, OpenID is probably encumbered, but gets a
free pass because they don't try to clarify their situation. That attitude
is prevalent in the ASF, for example; I call it "don't ask, don't tell".

> Has OASIS ever commented one way or the other on your use of the schemas
> or on any copyright notices that might be required for them?

Not that I recall.
 
> The W3C documents were more of a concern because they contain large blocks
> of text which is copyrightable in its own right.  The OASIS schemas don't
> contain enough English text to be copyrightable independently of the rest
> of the schema, only at most brief revision histories, so if the schemas
> fall under the interface exception to US copyright law, there probably
> isn't a problem.

I'm not familiar with the exception.

-- Scott





More information about the Pkg-shibboleth-devel mailing list