The Bio

Recent Posts

View Stephen Walli's profile on LinkedIn
Subscribe to the feed

Categories

Archives


Search stephesblog

Google


Disclaimer and License

The posts on this blog are provided ‘as is’ with no warranties and confer no rights. The opinions expressed on this site are my own and do not necessarily represent those of my employer.
Creative Commons License
This work is licensed under a Creative Commons License.
Locations of visitors to this page
Powered by TypePad

« Repeating History: The OSDL and Free Standards Group Merge | Main | Unshakeable MySQL »

26 January 2007

There is NOTHING Wrong with the IETF IPR Policy

David Berlind reported that Larry Rosen has sent a letter to the IETF raising concerns  "regarding the formalization of a policy that paves the way for patented technologies to become IETF standards."

We went through this debate two years ago when OASIS revised their IPR policy.  These are GOOD policies.  A salient quote from that two year old post:

The customer of a standards organization is its members. The standards organization is a market oriented discussion forum where like-minded expert and experienced participants come together to agree on a specification that will enable multiple implementations of something.  In a perfect world it expands the overall market for a technology by creating a commodity of one component of that technology market.  This is why there are so many different standards organizations spanning the multifaceted marketplace.  If you're a member of OASIS, then join the discussion, debate the question, and vote.  If you're not a member, you aren't a customer, and you don't actually have a say.  That is the way standards works.

Most of the people that develop standards are vendors.  Consumers want standards because they understand successful standards have multiple implementations, and that will mean competition.  But they typically have little to do with developing the standards because they have neither the technology expertise nor the inclination.  They don't care what the standard is, but they do care that it exists. 

The customers of the actual standard are its implementors, but the key here is that interested implementors participate.  This is no different than the community of interest involved in a free or open source software project. 

The engineers and developers in standards organizations are generally funded by vendors and universities and these organizations are intellectual property owners. 

Larry raises his concerns with RFC3978. The more interesting document is RFC3979 ("Intellectual Property Rights in IETF Technology").  There are a couple of key quotes reflecting the extreme sanity of the group of people that have successfully delivered (and continue to deliver) the standards that enable people to read this post.  The most interesting sections are:

  • 4.1  No Determination of Reasonable and Non-discriminatory Terms
  • 6.5  What Licensing Information to Detail in a Disclosure
  • 8.   Evaluating Alternative Technologies in IETF Working Groups

I've included the full sections below for reference.  These are eminently reasonable rules for the engineers and developers that come together to develop the standards that define our on-line life.  They reflect the reality of the marketplace, and the deep experience this organization has through 20+ years of developing these critical standards.

Standards do not happen in a vacuum.  They happen in processes that are under the microscope to ensure fair play and participation during their development, and to ensure sufficient transparency to prevent vendor collusion.  They happen in a marketplace of vendors competing for customers at a point when the technology has matured and can best be abstracted.   

Some of these participants have intellectual property.  (Some of those same intellectual property holders are free and open source software contributors.)  If you prevent them from participating through onerous rules, then two things happen and neither is good. 

First, you lose critical engineering experience and expertise and the resulting standard (therefore all its implementations) will be poorer for it.  Second, you force them to sit outside waiting for the standard to land such that they can tax it.   Having them in the standards working group negotiating in transparent conversations is a much better situation for everyone involved.

Pax. 

The interesting bits of RFC3979:

4.1.  No Determination of Reasonable and Non-discriminatory Terms

   The IESG will not make any explicit determination that the assurance
   of reasonable and non-discriminatory terms or any other terms for the
   use of an Implementing Technology has been fulfilled in practice.  It
   will instead apply the normal requirements for the advancement of
   Internet Standards.  If the two unrelated implementations of the
   specification that are required to advance from Proposed Standard to
   Draft Standard have been produced by different organizations or
   individuals, or if the "significant implementation and successful
   operational experience" required to advance from Draft Standard to
   Standard has been achieved, the IESG will presume that the terms are
   reasonable and to some degree non-discriminatory.  (See RFC 2026,
   Section 4.1.3.) Note that this also applies to the case where
   multiple implementers have concluded that no licensing is required.
   This presumption may be challenged at any time, including during the
   Last-Call period by sending email to the IESG.

6.5.  What Licensing Information to Detail in a Disclosure

   Since IPR disclosures will be used by IETF working groups during
   their evaluation of alternative technical solutions, it is helpful if
   an IPR disclosure includes information about licensing of the IPR in
   case Implementing Technologies require a license.  Specifically, it
   is helpful to indicate whether, upon approval by the IESG for
   publication as RFCs of the relevant IETF specification(s), all
   persons will be able to obtain the right to implement, use,
   distribute and exercise other rights with respect to an Implementing
   Technology a) under a royalty-free and otherwise reasonable and non-
   discriminatory license, or b) under a license that contains
   reasonable and non-discriminatory terms and conditions, including a
   reasonable royalty or other payment, or c) without the need to obtain
   a license from the IPR holder.

   The inclusion of licensing information in IPR disclosures is not
   mandatory but it is encouraged so that the working groups will have
   as much information as they can during their deliberations.  If the
   inclusion of licensing information in an IPR disclosure would
   significantly delay its submission it is quite reasonable to submit a
   disclosure without licensing information and then submit a new
   disclosure when the licensing information becomes available.

8.  Evaluating Alternative Technologies in IETF Working Groups

   In general, IETF working groups prefer technologies with no known IPR
   claims or, for technologies with claims against them, an offer of
   royalty-free licensing.  But IETF working groups have the discretion
   to adopt technology with a commitment of fair and non-discriminatory
   terms, or even with no licensing commitment, if they feel that this
   technology is superior enough to alternatives with fewer IPR claims
   or free licensing to outweigh the potential cost of the licenses.

   Over the last few years the IETF has adopted stricter requirements
   for some security technologies.  It has become common to have a
   mandatory-to-implement security technology in IETF technology
   specifications.  This is to ensure that there will be at least one
   common security technology present in all implementations of such a
   specification that can be used in all cases.  This does not limit the
   specification from including other security technologies, the use of
   which could be negotiated between implementations.  An IETF consensus
   has developed that no mandatory-to-implement security technology can
   be specified in an IETF specification unless it has no known IPR
   claims against it or a royalty-free license is available to
   implementers of the specification unless there is a very good reason
   to do so.  This limitation does not extend to other security
   technologies in the same specification if they are not listed as
   mandatory-to-implement.

   It should also be noted that the absence of IPR disclosures is not
   the same thing as the knowledge that there will be no IPR claims in
   the future.  People or organizations not currently involved in the
   IETF or people or organizations that discover IPR they feel to be
   relevant in their patent portfolios can make IPR disclosures at any
   time.

   It should also be noted that the validity and enforceability of any
   IPR may be challenged for legitimate reasons, and the mere existence
   of an IPR disclosure should not automatically be taken to mean that
   the disclosed IPR is valid or enforceable.  Although the IETF can
   make no actual determination of validity, enforceability or
   applicability of any particular IPR claim, it is reasonable that a
   working group will take into account on their own opinions of the
   validity, enforceability or applicability of Intellectual Property
   Rights in their evaluation of alternative technologies.

 

26 January 2007 at 01:16 |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341c57b753ef00d8352703da53ef

Listed below are links to weblogs that reference There is NOTHING Wrong with the IETF IPR Policy:

Comments

Post a comment

Comments are moderated, and will not appear on this weblog until the author has approved them.