 |
|
|
 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
David Berlind's Reality Check
By David Berlind
March 3, 2004
In a recent column about OATH, a new token-based security authentication initiative being spearheaded by VeriSign, I hypothesized that one of the fledgling group's obstacles to success may be prior art. The source of that concern stemmed from my investigation into the Liberty Alliance and whether it can deliver on its promise to deliver royalty-free standards for federated identity. Much the same way OATH was borne out of one vendor's (VeriSign) concern that another vendor's (RSA Security) proprietary technology was gaining too much market control, the Liberty Alliance was borne two years ago out of Sun's concern that Microsoft's Passport proprietary single sign-on technology could give that company unprecedented control over not just the technology industry and the Internet, but other industries as well, such as financial services and entertainment. OATH and Liberty represent a new breed of quasi-standards consortia. Although not recognized as official standards bodies like the World Wide Web Consortium (W3C), the Institute of Electrical and Electronics Engineers (IEEE), or the International Organization for Standardization (ISO), they're each organized around the principle of delivering a royalty-free standard that addresses an important but niche problem in a way that they hope will neutralize the monopoly-like impact (foreclosure on competition, elevated cost, stifled innovation, etc.) that's often associated with a current or potential proprietary de facto standard. But, as honorable as their intentions are, I'm beginning to wonder how much room such organizations have to make good on their promise to deliver royalty-free specifications. For single-standard organizations like OATH and the Liberty Alliance to guarantee the royalty-free nature of a new standard, they must pass an intellectual property (IP) litmus test. The standard must be so new and innovative that there's no relevant prior art and therefore no potential for IP infringement. Or, if there is prior art, the owners of that IP must agree to contribute it to the new standard in a way that guarantees that they won't come back later, after the standard has been ratified and say, "Hey, that's our IP. Pay us or stop using it." As I wrote in a column about the hidden toll of patents on standards and as was almost proven by Eolas' so-far successful lawsuit against Microsoft, a single IP holder can undo all of the good that a royalty-free standard is designed to do. For as far back as I can remember, producing royalty-free standards has always been a chief tenet of the Liberty Alliance. You'd have to search pretty hard on the organization's Web site to find mention of this value, which was surprising to me. Nevertheless, according to Bill Smith, Sun's director of software standards and secretary for the Liberty Alliance, the alliance's policy "is a very strong royalty-free policy." As it turns out, "very strong" isn't the same as "guaranteed." While the Liberty Alliance has strong royalty-free values, that stance may not be enough to guarantee that some or all of the organization's specifications themselves will be royalty-free. What could undermine the royalty-free nature of a specification? The first and most obvious problem is the one in which the specification ends up infringing on the intellectual property rights (IPR) of an IP holder that isn't connected with the organization. A ruthless IP holder, for example, may know of a standards organization's existence and purpose, but may choose to keep quiet until after the organization starts ratifying specifications. For years, British Telecom (BT) sat on what it considered a fundamental principal behind the Web's usability: hyperlinking. Almost out of nowhere, the company attempted to enforce its IPR. One of the problems with an infringement claim is that the alleged infringement doesn't have to be a line-for-line or code-for-code theft or misappropriation. As the database of IPR disclosures found on the Liberty Alliance's Web site proves, a specification (technically, the implementation of a spec) can easily overlap multiple patents. For example, of the five companies that make intellectual property disclosures on the Liberty Alliance Web site, three of them--Fidelity Investments, Time Warner, and Sony Corporation--all claim to have domestic patents relevant to the specification (Citigroup is also listed as a holder of non-domestic patents). It's doubtful that any of those patents are a direct match to Liberty's specifications. In addition, the validity of the patents would be called into question if they conflicted with each other. This notion of a tangential connection being enough to claim infringement is important when you consider how saturated the technology market is with software and specification copyrights and patents. At this point, I imagine the odds that anything new might run afoul of someone's IPR are close to 100 percent. Suppose that a predator like BT isn't lurking in the woods waiting to pounce, and that all relevant IPR holders are connected with the standards organization. This could be the case with the Liberty Alliance because so far no non-member companies have come forward with a claim of relevant IPR. However, as the Liberty Alliance's Web site indicates, several of its members have come forward. Furthermore, in the spirit of the Liberty Alliance's royalty-free values, the disclosures from Fidelity and Time Warner indicate a willingness to contribute their IP on a royalty-free basis. That is not the case for two of Sony's patents. According to Sony's disclosure, the company believes it has two relevant patents (nos. 6,308,203 and 6,601,092) and, unlike with the way that Time Warner and Fidelity have disclosed their royalty-free intentions with respect to their six collective patents, Sony's disclosure says that a license to its intellectual property is available on reasonable and non-discriminatory terms, otherwise known as RAND. RAND doesn't necessarily mean that Sony intends to charge for the use of its intellectual property. So far, Sony hasn't sued anyone for misappropriation of intellectual property, and there are no reports of behind-closed-doors royalty deals. Long term, Sony could decide to charge nothing. However, by indicating the availability of its IPR under RAND terms (as opposed to royalty-free terms) in its Liberty Alliance disclosure, Sony creates a possibility whereby the Liberty Alliance's specifications may end up not being royalty-free. In hopes of clarifying Sony's intentions and laying to rest any speculation that the Liberty Alliance's specifications could be in RAND jeopardy, I reached out to James Williamson, the company's vice president of technology standards. Williamson did not return my e-mails or phone calls, so I tried the company's public relations department. At first, Sony spokesperson Lisa Gephardt referred me to Sun's Smith. After I explained that I had already spoken with Smith, Gephardt told me via e-mail that Sony declined to comment. In the world of intellectual property, RAND declarations and refusals to comment do not make a promising mix. Given Liberty Alliance's "strong" royalty-free inclination, I wondered why a company that refused to go royalty-free would be permitted to join the group. A description of the organization's intellectual property policy on the Liberty Alliance Web site makes it clear that RAND is acceptable: "Generally, Liberty Alliance Members grant a Royalty-Free patent license to all parties, whether Liberty Members or not, for any Necessary Claims which are needed to be Fully Compliant with a Liberty Alliance specification; however, there are provisions which allow Members to declare their interests in certain Necessary Claims and choose to license these Necessary Claims to all parties on Reasonable and Non-Discriminatory terms." According to Sun's Smith, there is an uncomfortable penalty awaiting those who choose to enforce their RAND terms. "Sony and others have filed necessary claims notices and they are available for review," said Smith. "We are committed to royalty-free terms unless they provide detailed information about their patent or patent application about how an implementation would infringe. But, in doing so, they potentially lose a royalty-free grant from the other 150 members." In other words, to be a member of the Liberty Alliance and to get royalty-free access to the IPR of other members, an absolute amount of reciprocity is required. Enforcing RAND rights, on the other hand, is the equivalent of taking a poison pill. Perhaps exposing the soft-white underbelly of the business of running standards organizations, Smith challenges anyone to find a better policy. Smith says the W3C--now the poster child of royalty-free standards--is really no different. The question now for the Liberty Alliance is whether its reciprocity-based policy, especially in regards to Sony, is enough to keep the rug from being pulled out from under its supposedly royalty-free specifications and their chances of becoming influential, legitimate standards. You can write to me at david.berlind@cnet.com. If you're looking for my commentaries on other IT topics, check the archives.
What do you think? |
|
|
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
| 05/21/04
|
|
|
|
|
|
|
|
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
|
|
|
|
