Starting work on the shibboleth-sp2 packages

Scott Cantor cantor.2 at osu.edu
Tue Jun 24 21:50:16 UTC 2008


> That's definitely true.  The not copyrightable language comes from things
> like phone books (there is settled case law saying that lists of facts
> aren't copyrightable at all), but I don't know if that extends to the
> expression of a library interface or a protocol specification.

I very much doubt it (I'm familiar with the phone book exception, and I've
never heard it applied to an API before).

The really interesting question is whether a schema would be treated like an
API, but I have no idea about that.

> If we could avoid even having to dive into this legal theory, that would
> be great.  That's similarly why I just dropped the WS-Trust.xsd file
> without trying to pursue it, since it's not required for Shibboleth to
> work.  But as you point out, the OASIS SAML schemas are.

So, off the top of my head, before I get a final answer, I can say that I
*think* the reason the schemas aren't separately copyrighted is that the
normative specs (the ODT/PDF files) actually have the schemas inside them,
it's just broken up into sections.

One of the long-standing SAML rules has been that the specs win. If the
schema file is out of sync, it loses. So given that, I think the presumption
you can operate from is that the copyright on the specs applies to the
schema files, even though it doesn't appear on them. Not saying that holds
"legally", but in terms of what the TC's intent has been, I believe that's
the reason for the difference.

I'll find out for sure, but I think you can operate from that assumption for
the moment.

-- Scott





More information about the Pkg-shibboleth-devel mailing list