[License-review] Submission for review of Accountable Resolver License
Pamela Chestek
pamela.chestek at opensource.org
Wed Jan 22 18:44:06 UTC 2025
Dear License Review List:
At its Board meeting on January 17, 2025, the Board voted on the
recommendation of the License Review Committee and declined to accept
the Accountable Resolver License as an OSI-Approved License.
Pamela S. Chestek
Chair, Licensing Committee
Open Source Initiative
On 1/15/2025 8:51 AM, Pamela Chestek wrote:
> Dear License Review List:
>
> Below is the recommendation of the License Review Committee that the
> Accountable Resolver License not be approved as an OSI-Approved
> license, to be voted on at the next Board meeting.
>
> Best regards,
>
> Pamela S. Chestek
> Chair, Licensing Committee
> Open Source Initiative
>
> ==========================
>
> License: Accountable Resolver License version 1.0 (Exhibit A)
> Submitted: October 21, 2024,
> https://lists.opensource.org/pipermail/license-review_lists.opensource.org/2024-October/005575.html
> Decision date: due no later than the first Board meeting after
> December 21, 2024
>
> _License Review Committee Recommendation: _
>
> Resolved that it is the opinion of the OSI that the Accountable
> Resolver License version 1.0 does not conform to the OSD and assure
> software freedom and the license is therefore not approved.
>
> _Rationale Document_
>
> Reasons for withholding approval: In section 4.6 the license expressly
> prohibits using the licensed software “to infringe, invade, breach, or
> otherwise fail to protect the privacy of any DID subject making use of
> the services provided by the Work.” This use restriction violates OSD
> 6, No Discrimination Against Fields of Endeavor.
>
> The license is also poorly drafted, which would cause significant
> interpretation problems. For example, it claims to grant a license to
> “take any action with the Work that would infringe the non-patent
> intellectual property laws of any jurisdiction to which You are
> subject.” However, “intellectual property” is an ambiguous term, as
> exemplified by the statement in the license that “Licensor does not
> grant any license to the trademarks, service marks, or logos of
> Licensor, except to the extent necessary to comply with the
> attribution conditions in section 4.1 of this License.” A trademark is
> generally considered “intellectual property,” so the license both
> grants a license to trademarks in section 3.1(a) and does not in
> section 3.2(b). Moreover, there are no “attribution conditions in
> section 4.1,” they are in section 4.3.
>
> The license submitter did not respond to the issues raised on the
> license-review list.
>
> /Exhibit A/
>
> Accountable Resolver License version 1.0
>
> 1. Purpose
>
> This License gives You unlimited permission to use and modify the
> software to which it applies (the “Work”), either as-is or in modified
> form, for Your private purposes while protecting the owners and
> contributors to the software from liability and subject to the
> accountability condition defined in section 4.6.
>
> This license enables any person or organization to download, use, and
> modify the software for a Federated DID Resolver Server (the Work) to
> resolve DID documents with provisions to ensure that there is no
> third-party surveillance of the activities or metadata of individuals
> or organizations that make use of services provided by the Work as
> defined in section 4.6.
>
> 1.1 Definitions
>
> 1.1.1 DID
> Decentralized Identifiers (DIDs), are a W3C standard. They provide a
> way to point to DID documents that contain cryptographic keys and
> metadata. A DID resolver is an application that resolves DIDs to their
> associated DID documents.
>
> 1.1.2 Licensor
> Portable Data Corporation, operating as JLINC Labs, is the licensor of
> the Work and provides this Accountable Resolver License under the
> terms set out below.
>
> 1.1.3 Receiver
> Any entity has the right to the Work by abiding with the terms set out
> in this license.
>
> 1.1.4 DID Subject
> DID Subjects are natural persons or other entities identified by and
> capable of controlling the DID. The receiver of this license must
> respect the privacy of the DID Subject as set out in 4.6 below.
>
> 2. Receiving a License
> In order to receive this License, You must agree to its rules. The
> rules of this License are both obligations of Your agreement with the
> Licensor and conditions to your License. You must not do anything with
> the Work that triggers a rule You cannot or will not follow.
>
> 2.1. Application
> The terms of this License apply to the Work as you receive it from
> Licensor, as well as to any modifications, elaborations, or
> implementations created by You that contain any licensable portion of
> the Work (a “Modified Work”). Unless specified, any reference to the
> Work also applies to a Modified Work.
>
> 2.2. Offer and Acceptance
> This License is automatically offered to every person and
> organization. You show that you accept this License and agree to its
> conditions by taking any action with the Work that, absent this
> License, would infringe any intellectual property right held by Licensor.
>
> 2.3. Compliance and Remedies
> Any failure to act according to the terms and conditions of this
> License places Your use of the Work outside the scope of the License
> and infringes the intellectual property rights of the Licensor. In the
> event of infringement, the terms and conditions of this License may be
> enforced by Licensor under the intellectual property laws of any
> jurisdiction to which You are subject. You also agree that either the
> Licensor or a Recipient (as an intended third-party beneficiary) may
> enforce the terms and conditions of this License against You via
> specific performance.
>
> 3. Permissions and Conditions
>
> 3.1. Permissions Granted
>
> Conditioned on compliance with section 4, and subject to the
> limitations of section 3.2, Licensor grants You the world-wide,
> royalty-free, non-exclusive permission to:
>
> a) Take any action with the Work that would infringe the non-patent
> intellectual property laws of any jurisdiction to which You are
> subject; and
>
> b) Take any action with the Work that would infringe any patent claims
> that Licensor can license or becomes able to license, to the extent
> that those claims are embodied in the Work as distributed by Licensor.
>
> 3.2. Limitations on Permissions Granted
> The following limitations apply to the permissions granted in section 3.1:
>
> a) Licensor does not grant any patent license for claims that are only
> infringed due to modification of the Work as provided by Licensor, or
> the combination of the Work as provided by Licensor, directly or
> indirectly, with any other component, including other software or
> hardware.
>
> b) Licensor does not grant any license to the trademarks, service
> marks, or logos of Licensor, except to the extent necessary to comply
> with the attribution conditions in section 4.1 of this License.
>
> 4. Conditions
> If You exercise any permission granted by this License, such that the
> Work, or any part, aspect, or element of the Work, is distributed,
> communicated, made available, or made perceptible to a non-Affiliate
> third party (a “Recipient”), either via physical delivery or via a
> network connection to the Recipient, You must comply with the
> following conditions:
>
> 4.1. Provide Access to Source Code
> Subject to the exception in section 4.4, You must provide to each
> Recipient a copy of, or no-charge unrestricted network access to, the
> Source Code corresponding to the Work.
>
> The “Source Code” of the Work means the form of the Work preferred for
> making modifications, including any comments, configuration
> information, documentation, help materials, installation instructions,
> cryptographic seeds or keys, and any information reasonably necessary
> for the Recipient to independently compile and use the Source Code and
> to have full access to the functionality contained in the Work.
>
> 4.1.1. Providing Network Access to the Source Code
> Network access to the Notices and Source Code may be provided by You
> or by a third party, such as a public software repository, and must
> persist during the same period in which You exercise any of the
> permissions granted to You under this License and for at least one
> year thereafter.
>
> 4.1.2. Source Code for a Modified Work
> Subject to the exception in section 4.5, You must provide to each
> Recipient of a Modified Work Access to Source Code corresponding to
> those portions of the Work remaining in the Modified Work as well as
> the modifications used by You to create the Modified Work. The Source
> Code corresponding to the modifications in the Modified Work must be
> provided to the Recipient either a) under this License, or b) under a
> Compatible Open-Source License.
>
> A “Compatible Open-Source License” means a license accepted by the
> Open Source Initiative that allows object code created using both
> Source Code provided under this License and Source Code provided under
> the other open source license to be distributed together as a single work.
>
> 4.1.3. Coordinated Disclosure of Security Vulnerabilities
> You may delay providing the Source Code corresponding to a particular
> modification of the Work for up to ninety (90) days (the “Embargo
> Period”) if:
>
> a) the modification is intended to address a newly-identified
> vulnerability or a security flaw in the Work,
>
> b) disclosure of the vulnerability or security flaw before the end of
> the Embargo Period would put the data, identity, or autonomy of one or
> more Recipients of the Work at significant risk,
>
> c) You are participating in a coordinated disclosure of the
> vulnerability or security flaw with one or more additional Licensees, and
>
> d) Access to the Source Code pertaining to the modification is
> provided to all Recipients at the end of the Embargo Period.
>
>
> 4.2. No Legal or Contractual Measures that Limit Access
> You may not contractually restrict a Recipient’s ability to
> independently exercise the permissions granted under this License. You
> waive any legal power to forbid circumvention of technical protection
> measures that include use of the Work, and You waive any claim that
> the capabilities of the Work were limited or modified as a means of
> enforcing the legal rights of third parties against Recipients.
>
> 4.3. Provide Notices and Attribution
> You must retain all licensing, authorship, or attribution notices
> contained in the Source Code (the “Notices”), and provide all such
> Notices to each Recipient, together with a statement acknowledging the
> use of the Work. Notices may be provided directly to a Recipient or
> via an easy-to-find hyperlink to an Internet location also providing
> Access to Source Code.
>
> 4.4. Scope of Conditions in this License
> You are required to uphold the conditions of this License only
> relative to those who are Recipients of the Work from You. Other than
> providing Recipients with the applicable Notices and Access to Source
> Code nothing in this License requires You to provide processing
> services to or engage in network interactions with anyone.
>
> 4.5. Combined Work Exception
> As an exception to condition that You provide Recipients Access to
> Source Code, any Source Code files marked by the Licensor as having
> the “Combined Work Exception,” or any object code exclusively
> resulting from Source Code files so marked, may be combined with other
> Software into a “Larger Work.” So long as you comply with the
> requirements to provide Recipients the applicable Notices and Access
> to the Source Code provided to You by Licensor, any other Software in
> the Larger Work as well as the Larger Work as a whole may be licensed
> under the terms of your choice.
>
> 4.6 Respect for DID subject’s Privacy
> You may not use the permissions granted under this License to
> infringe, invade, breach, or otherwise fail to protect the privacy of
> any DID subject making use of the services provided by the Work.
>
> Privacy, for the purpose of this license, means a duty of care for the
> protection and confidentiality of any data generated by the operation
> of the Work, such as server logs or any other logs or metadata, that
> would enable the surveillance or correlation of the activities of the
> DID subject or other entities identified in the DID document by the
> Receiver or third parties, unless the Receiver is legally compelled
> otherwise.
>
> Further, the Receiver may not make use of, or give or sell any such
> generated data, or any data within a DID document, for any purpose
> other than to make DID documents resolvable.
>
>
> 5. Term and Termination
> The term of this License begins when You receive the Work, and
> continues until terminated for any of the reasons described herein, or
> until all Licensor’s intellectual property rights in the Software
> expire, whichever comes first (“Term”). This License cannot be
> revoked, only terminated for the reasons listed below.
>
> 5.1. Effect of Termination
> If this License is terminated for any reason, all permissions granted
> to You under Section 3 by any Licensor automatically terminate. You
> will immediately cease exercising any permissions granted in this
> License relative to the Work, including as part of any Modified Work.
>
> 5.2. Termination for Non-Compliance; Reinstatement
> This License terminates automatically if You fail to comply with any
> of the conditions in section 4. As a special exception to termination
> for non-compliance, Your permissions for the Work under this License
> will automatically be reinstated if You come into compliance with all
> the conditions in section 2 within sixty (60) days of being notified
> by Licensor or an intended third party beneficiary of Your
> noncompliance. You are eligible for reinstatement of permissions for
> the Work one time only, and only for the sixty days immediately after
> becoming aware of noncompliance. Loss of permissions granted for the
> Work under this License due to either a) sustained noncompliance
> lasting more than sixty days or b) subsequent termination for
> noncompliance after reinstatement, is permanent, unless rights are
> specifically restored by Licensor in writing.
>
> 5.3. Termination Due to Litigation
> If You initiate litigation against Licensor, or any Recipient of the
> Work, either direct or indirect, asserting that the Work directly or
> indirectly infringes any patent, then all permissions granted to You
> by this License shall terminate. In the event of termination due to
> litigation, all permissions validly granted by You under this License,
> directly or indirectly, shall survive termination. Administrative
> review procedures, declaratory judgment actions, counterclaims in
> response to patent litigation, and enforcement actions against former
> Licensees terminated under this section do not cause termination due
> to litigation.
>
> 6. Disclaimer of Warranty and Limit on Liability
> As far as the law allows, the Work comes AS-IS, without any warranty
> of any kind, and no Licensor or contributor will be liable to anyone
> for any damages related to this software or this license, under any
> kind of legal claim, or for any type of damages, including indirect,
> special, incidental, or consequential damages of any type arising as a
> result of this License or the use of the Work including, without
> limitation, damages for loss of goodwill, work stoppage, computer
> failure or malfunction, loss of profits, revenue, or any and all other
> commercial damages or losses.
>
> 7. Other Provisions
>
> 7.1. Affiliates
> An “Affiliate” means any other entity that, directly or indirectly
> through one or more intermediaries, controls, is controlled by, or is
> under common control with, the Licensee. Employees of a Licensee and
> natural persons acting as contractors exclusively providing services
> to Licensee are also Affiliates.
>
> 7.2. Choice of Jurisdiction and Governing Law
> A Licensor may require that any action or suit by a Licensee relating
> to a Work provided by Licensor under this License may be brought only
> in the courts of a particular jurisdiction and under the laws of a
> particular jurisdiction (excluding its conflict-of-law provisions), if
> Licensor provides conspicuous notice of the particular jurisdiction to
> all Licensees.
>
> 7.3. No Sublicensing
> This License is not sublicensable. Each time You provide the Work or a
> Modified Work to a Recipient, the Recipient automatically receives a
> license under the terms described in this License. You may not impose
> any further reservations, conditions, or other provisions on any
> Recipients’ exercise of the permissions granted herein.
>
> 7.4. Attorneys’ Fees
> In any action to enforce the terms of this License, or seeking damages
> relating thereto, including by an intended third party beneficiary,
> the prevailing party shall be entitled to recover its costs and
> expenses, including, without limitation, reasonable attorneys’ fees
> and costs incurred in connection with such action, including any
> appeal of such action. A “prevailing party” is the party that
> achieves, or avoids, compliance with this License, including through
> settlement. This section shall survive the termination of this License.
>
> 7.5. No Waiver
> Any failure by Licensor to enforce any provision of this License will
> not constitute a present or future waiver of such provision nor limit
> Licensor’s ability to enforce such provision at a later time.
>
> 7.6. Severability
> If any provision of this License is held to be unenforceable, such
> provision shall be reformed only to the extent necessary to make it
> enforceable. Any invalid or unenforceable portion will be interpreted
> to the effect and intent of the original portion. If such a
> construction is not possible, the invalid or unenforceable portion
> will be severed from this License but the rest of this License will
> remain in full force and effect.
>
> 7.7. License for the Text of this License
> The text of this license is released under the Creative Commons
> Attribution-ShareAlike 4.0 International License, with the caveat that
> any modifications of this license may not use the name “Accountable
> Resolver License” or any name confusingly similar thereto to describe
> any derived work of this License.
>
>
>
>
> On 10/21/2024 10:39 AM, Victor Grey via License-review wrote:
>> To the OSI community, this is a request for approval for a new special-purpose open source license, as attached. The license is intended for software that provides registration and resolution services for Decentralized Identifiers (DIDs -https://w3c.github.io/did-core/). Such software may be used as a standalone service or incorporated into any other software to provide DID resolution services for any purpose, conditioned on it not being used to violate the privacy rights of end users of the service.
>>
>> It is based on the Cryptographic Autonomy License (CAL-1.0) and is identical to CAL-1.0 with the exceptions of section 1 and portions of section 4.
>>
>> * We believe and affirm that the license complies with the Open Source Definition, including specifically that it meets OSD 3, 5, 6 and 9.
>>
>> * The license is currently being used in a private beta of a Federated ID service offered by JLINC Labs, and is already planned to be incorporated in several other businesses, to become public this year or early next year.
>>
>> * The license steward and submitter is Victor Grey, on behalf of the Portable Data Corporation DBA JLINC Labs, reachable atvictor at jlinc.com.
>>
>> * The license shall be known as the Accountable Resolver License version 1.0.
>>
>> * There are no unique identifiers by other projects or proposed tags.
>>
>> * We believe it fills a gap in necessary privacy requirements for these types of services that we have found in no other license.
>>
>> * As stated above, it is based on CAL-1.0.
>>
>> * It has not been through any other legal review by us.
>>
>> Many thanks for your attention,
>> Victor Grey
>>
>>
>> _______________________________________________
>> The opinions expressed in this email are those of the sender and not necessarily those of the Open Source Initiative. Communication from the Open Source Initiative will be sent from an opensource.org email address.
>>
>> License-review mailing list
>> License-review at lists.opensource.org
>> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
>
>
> _______________________________________________
> The opinions expressed in this email are those of the sender and not necessarily those of the Open Source Initiative. Communication from the Open Source Initiative will be sent from an opensource.org email address.
>
> License-review mailing list
> License-review at lists.opensource.org
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20250122/91304367/attachment-0001.htm>
More information about the License-review
mailing list