Apache faces Web services security spec roadblock
- 09 July, 2005 00:34
Apache officials hope to iron out licensing issues with Microsoft and IBM pertaining to the WS-Security specification so that Apache can add the technology to its open source Axis SOAP stack.
Axis is envisioned as a Web services engine for deploying SOAs, according to Apache. WS-Security is needed to communicate with .Net systems, said Davanum Srinivas, vice president of services at the Apache Software Foundation.
Although WS-Security is available for implementation royalty-free, it still must be licensed from Microsoft and IBM. Apache has raised concerns about this, mostly pertaining to a non-transfer clause that appears incompatible with open source licenses that allow for uninhibited transfer of technologies, Apache officials said.
"The big picture here is that we want users of open source to also be able to be distributors of open source, and that should happen without a requirement to go back to some other vendor for additional terms, to get rights from some other vendor," said Cliff Schmidt, vice president of legal affairs at the Apache Software Foundation.
The Apache Software License 2.0 that Apache uses for Axis does not have a clause preventing technology transfer, Schmidt said.
"I'd like to believe this is not an attempt to prevent open source implementations of a standard, because most vendors [understand] that open source implementations are critical in gaining momentum behind the standards," Schmidt said.
There have been some discussions with IBM and Microsoft about the issue.
"Anytime you're talking about legal issues with large companies, it's hard to say something is going to happen quickly, but the talks that we're going to have will be happening quickly," Schmidt said. Talks may be held next week, he added.
"What we know is that there needs to be further clarification from IBM and Microsoft regarding their licenses in order to make this compatible with open source licenses," Schmidt. said
Being a contributor to Apache, IBM is eager to cooperate with the foundation and is optimistic about reaching a resolution, according to KaÂ rla Norsworthy, vice president of software standards at IBM.
"IBM has worked successfully with Apache for a long time," Norsworthy said. "We wrote the [WS-Security] license to allow for any type of implementation, including open source."
The issue arose when VeriSign wanted to provide via open source its TSIK (Trust Service Integration Kit) toolkit, which implements WS-Security, to Apache, the Apache officials said.
Microsoft has not been an advocate of open source technology to the same degree as IBM. Citing staff commitments to the TechEd Europe conference, Microsoft representatives said a company official would not be able to comment on the Apache issue this week.
The company released the following statement: "WS-Security is an open standard at the OASIS standards organization. Microsoft has made a royalty-free license commitment for WS-Security that is consistent with the OASIS IPR policy. In terms of Apache plans, it is best to ask them about any plans they may have."
Although WS-Security, along with the other so-called WS-* specifications such as BPEL (Business Process Execution Language), is under the jurisdiction of OASIS, users still must sign license agreements with IBM and Microsoft.
Apache wants its SOAP stack to be interoperable with IBM WebSphere, .Net, BEA WebLogic, and technologies from all the major vendors, Srinivas said.