Skip to Content.
Sympa Menu

mace-opensaml-users - RE: contributing to OpenSAML

Subject: OpenSAML user discussion

List archive

RE: contributing to OpenSAML


Chronological Thread 
  • From: "Scott Cantor" <>
  • To: "'Prakash Yamuna'" <>, "'OpenSAML'" <>
  • Subject: RE: contributing to OpenSAML
  • Date: Fri, 28 Jan 2005 14:05:08 -0500
  • Organization: The Ohio State University

> The question is where is an individual's
> freedom/rights in all this?

I assume that's a rhetorical question? ;-)

> Daily, I perform other tasks/actions (other than code
> contributions) that do not require my company's
> approval; then why is it when it comes to code
> contributions that one needs approval?

If those tasks result in the production of something that you assert
ownership of (in a legal sense), then you might. It depends on your employee
agreement, the terms under which you agree to work. Most people, needless to
say, don't read the fine print, but it's usually somewhere in Catbert's
office. If you rub his furry underbelly, he sometimes lets you see it.

When you contribute code, we (and the Apache Software Foundation, and most
other open source caretakers) insist on rights to those contributions to
ensure that the license will remain open. To grant us those rights, you have
to possess them in the first place.

> A related issue is it is almost impossible to say that
> your contributions do not build on your past and
> present experience in various fields - even if they
> are disparate fields.

There are, obviously, legal issues here. It's not black and white, and what
I was told (and I'm not saying it's correct) is that it's based on legal
tests as to the similarity of the work. Just the mere fact that it's
computer programming isn't enough, I don't think, but it's not at all
obvious. Ultimately what matters is whether the company cares. If the work
is not something likely to make them money, they never will.

> Suppose one would like to contribute multiple open
> source projects then how would that work?

If you wanted to contribute to Apache, you'd have to sign their contributor
agreement, which not surprisingly looks like this one. Many other projects
are or will be doing similar kinds of things if they care about the
protection of the work. It's a hassle, but this is the world.

> Of course given the fact that the distinction b/w work
> at office and home is blurred - this makes things much
> more complicated...but where does one draw a line?

To be safe, one might not. That's why we suggested asking is often the
better/easiest approach. Of course, the challenge is that there are often
very few people in an organization with the legal right to say yes on behalf
of its lawyers. Asking people without that authority (my boss, for instance)
is a formality that might help me get an answer, but it's not the final
step.

It took me over a year after I originally "started" this work to actually
get a legal agreement in place under which I could grant the rights to it.
That's why I continue to use the flying pig logo for Shibboleth, it's
somehow apt to this whole experience.

> In my particular case, it makes sense for me to get
> company approval, since I am in the security industry
> but if one were to be working on a totally orthogonal
> aspect as a corporate developer then why does the
> company need to know?

Assuming you mean on your own time, from your perspective, maybe they don't,
but from ours, we risk contaminating the license if we don't make you
responsible for that claim. This way we have a signed document from you that
makes you responsible for donating work that the company later claims is
theirs. That doesn't prevent bad stuff from happening, but it makes people
stop and think first, and that's (I think) the primary purpose.

Of course, it's a pain. We'd all like to just throw the gates open, but
we're not all working in our basement for fun. SAML's kind of cool and all,
but...

-- Scott




Archive powered by MHonArc 2.6.16.

Top of Page