Re: [W3C Web Crypto WG] Rechartering discussion - Gemalto contribution

On 02/02/2015 10:00 PM, Siva Narendra wrote:
> Hi Ryan  --- IPR related to GP is dangerous compared to what? FIDO is not
> immune to IPR -- is it?
> 
> At least in the case of GP it is mature to enough to know who owns what.
> According to this document attached (and available online here
> <http://fidoalliance.org/assets/downloads/FIDO_IPR_-_Counsel_Approved.pdf>)
> it is clear that FIDO is concerned about IPR just as much as any other
> standards would be.
> 
> Irrespective, it is precisely this unknown that would make it more
> dangerous to limit the web to one protocol with unproven IPR that might
> ultimately stifle innovation.

Note that as regards both FIDO and GP, W3C Rec-track standardization is
a good thing from an IPR perspective and we should not let IPR concerns
block the right set of specs being produced.

The reason a *Working Group* is useful is due to the stronger patent
commits to the charter and final specs once they hit W3C Recommendation
status, as relevant patents are bound to be committed by member
companies and invited experts to the final document under a royalty-free
licesning. If not, we have a mature patent exclusion and patent advisory
group process I'm sure Wendy and Rigo can describe in detail if needed.
It would be problematic to bind to IPR in any normative way, which is
one reason the W3C is rather strict with its normative referencing
policy - as painful as that makes creating the specs sometimes.

A Community Groups offer a much weaker form of IPR protection, which is
one reason why a Working Group would be preferred in this space.  As one
of the initiators of the Community Group process inside W3C a few years
back, I can explain in detail if needed, but effectively it requires
only individual level IPR commits, not company wide.

Again, W3C has expressed being very open to do this in whatever WG (or
start a new one) that the WG members want it to be in. WebAppSec,
Crypto, or starting a new WG have all been mentioned.

    cheers,
        harry

> 
> -Siva
> 
> 
> 
> *--*
> 
> 
> *Siva G. Narendra Ph.D. CEO - Tyfone, Inc.Portland | Bangalore |
> Taipeiwww.tyfone.com <http://www.tyfone.com>*
> *Voice: +1.661.412.2233*
> 
> 
> On Mon, Feb 2, 2015 at 12:36 PM, Ryan Sleevi <sleevi@google.com> wrote:
> 
>>
>>
>> On Mon, Feb 2, 2015 at 12:28 PM, Siva Narendra <siva@tyfone.com> wrote:
>>
>>> Hi Anders. While traditional EMV on GP Smart Card does not easily allow
>>> for it, that is exactly what EMV Tokenization enables. Apple Pay implements
>>> EMV Tokenization on a GP Smart Card chip. Google Wallet can leverage EMV
>>> Tokenization independent of Apple for the same credit card number. And so
>>> can other independent GP hardware. Similar to Tokenization for EMV, atleast
>>> in the US even the government standards for CAC/PIV recently released what
>>> is called as Derived Credential. This space is rapidly evolving and we
>>> shouldn't get tied up with one approach such as FIDO assuming rest of the
>>> world will adopt it.
>>>
>>> Best,
>>> Siva
>>>
>>>
>>>
>>> *--*
>>>
>>>
>>> *Siva G. Narendra Ph.D. CEO - Tyfone, Inc.Portland | Bangalore |
>>> Taipeiwww.tyfone.com <http://www.tyfone.com>*
>>> *Voice: +1.661.412.2233 <%2B1.661.412.2233>*
>>>
>>>
>> Given the IPR situation with Global Platform, I think it's disingenuous to
>> dangerous to suggest it's a viable path for web standardization.
>>
>> While this is ultimately speculative, since it depends precisely on if and
>> what the WG decides to pursue, I think it bears mentioning
>> http://www.globalplatform.org/specificationsipdisclaimers.asp
>>
>

Received on Monday, 2 February 2015 21:10:15 UTC