XACML IPR and profiling

As already noted, the XACML IPR policy is "RF on Limited Terms" [1]. This means that essential claims required to implement the XACML 2.0 specification are licensed royalty free and the additional terms and conditions are limited as according to the OASIS IPR policy [2]. This is pretty close to the W3C licensing if I'm not mistaken.

Thus I do not expect IPR to be a concern if we build a profile of XACML 2.0, since then it is an XACML implementation and essential claims for XACML 2.0 are covered by the OASIS IPR policy.
Of course the only obligated parties are those who participated/contributed in the XACML TC, and anyone in the world might have a patent, but that is always the risk with standards.

If however it is not a profile then there might be cause for more concern since licensors then would not be required to provide licenses under OASIS terms if it is not an implementation of the OASIS standard.

I note also  that there have been some disclosures [1], though I have not looked into them.

Disclaimer - I am not a lawyer and this does not constitute legal advice.

This should complete ACTION-185.

This is also an argument for making a profile of XACML 2.0, as opposed to "something similar".

regards, Frederick

Frederick Hirsch
Nokia

[1] http://www.oasis-open.org/committees/xacml/ipr.php

[2] http://www.oasis-open.org/who/intellectualproperty.php#licensing_req

On Jun 22, 2010, at 5:10 AM, ext Dominique Hazael-Massieux wrote:

> Hi,
> 
> Le mardi 15 juin 2010 à 14:42 +0200, Dominique Hazael-Massieux a écrit :
>> ** the document is called a XACML profile, is said to use XACML20, but
>> there is absolutely no explanation as to what this means in practice,
>> what are the difference with XACML 2.0 or how it relies on it; I guess
>> some text from the framework could be moved to it or re-used, but I
>> think some more explanation on the relationship would be needed in any
>> case
> 
> I looked a bit into this, and looking at XACML 2.0 [1], it’s pretty
> clear that calling our document a “XACML profile” is more than a bit of
> a stretch:
> • it’s not using the XACML namespace
> (urn:oasis:names:tc:xacml:2.0:policy)
> • it’s not using the same elements names (XACML uses capitalized
> elements names, our document use lowercase hyphen-separated names)
> • the schema is different in many ways (some XACML elements are
> translated into attributes, many XACML elements are ommitted)
> • the processing model looks quite different as well (although I haven’t
> tried to investigate it in detais)
> • our profile doesn’t extend XACML in any of the ways defined by the
> XACML spec (in section “8. XACML extensibility points”, which I note is
> not normative)
> 
> I’m sure there were good reasons for all these differences — from what I
> recall, one of them included simplification; but under that light, I
> don't think we can call that document a XACML Profile.
> 
> Independently of that, I still think the document should explain and
> justify these differences, possibly in an informative appendix; I'm not
> entirely sure what the IPR implications of adapting the XACML spec are.
> 
> Dom
> 
> 1.
> http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
> 
> 
> 

Received on Tuesday, 22 June 2010 13:02:41 UTC