eclipse ip management modernization management... · eclipse intellectual property management >...
TRANSCRIPT
![Page 1: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/1.jpg)
Eclipse IP Management Modernization
Sharon Corbett
![Page 2: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/2.jpg)
MODERNIZATION
● Eclipse IP - About ● Issue Statement● Objectives/Benefits● License Compliance● Self Service● New Process Overview● Futures● Best Practices● OSCM● Wrap Up
WELCOME
![Page 3: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/3.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
Eclipse Intellectual Property Management
> Eclipse IP Policy (Board Approved)○ Defines mechanism for accepting and licensing the intellectual property developed and
leveraged by Eclipse projects
> Legal Agreements○ Formal - ECA, Committer Agreements, Working Group Participation Agreements
> Due Diligence Review Process ○ Provenance, License Compatibility, Scanning for Anomalies○ IP Ticket (CQ)
> Commercial Adoption (Confidence/Safe)
> High Bar, Rigorous, Well Respected
![Page 4: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/4.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
What’s at Issue?
> Eclipse IP Policy and Procedures (2004)
> Significant changes over time
> Cannot support agile development nor continuous delivery
> Impossible to scale to modern day technology (Node.JS, Electron, NPM, etc.)
> Burdensome - Lack of Automation
![Page 5: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/5.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
The Time has Arrived ...
> Bring Eclipse IP Policy and Process in line with contemporary expectations!
![Page 6: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/6.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
Eclipse IP Governance Approach (Redefined)> Revise the IP Review requirements for third party content
> Update IP Policy○ Change due diligence approach for third party content○ Streamline Definitions
■ Project content■ Third party content■ Official Release=Distributed Content (NOT git commits, milestone, nightly, etc.)
> IP Advisory Committee Review
> Board Approval (October 21, 2019)
![Page 7: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/7.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
Objective> Focus on License Compliance Model only for third party content (leveraged only;
not otherwise produced or managed by Eclipse projects)
> Reduce burden/lower barriers
> Shift focus to other areas of high value
> Trust “other” sources of information
> Remain WELL RESPECTED and RISK FOCUSED
![Page 8: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/8.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
Objective> Remove gate based on IP delays (faster service)
> Increase project velocity
> Provide flexibility and predictability
> Reduce administrivia
> Parallel IP (standard)
> New projects bring history (no review)
![Page 9: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/9.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
Objective
> Removal of Type A/B Stigma (Release vs Project)
> Allow project teams to adopt license compatible third party content during development cycle
> IP team certification prior to formal release
> Provide training/education
> Engagement with broader intellectual property community (leadership)
![Page 10: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/10.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
License Compliance Model> Eclipse Foundation will stop performing deep copyright provenance reviews
of Third Party Content
> Focus on license compatibility (standard) and licensing compliance
> Licenses driven by Board Approved Whitelist
> Leverage and trust “other” third party license sources (eg. ClearlyDefined)
> Enable projects to validate license compliance during development (trust but verify)
![Page 11: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/11.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
Applies to Third Party Content ONLY!
![Page 12: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/12.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
New Model
![Page 13: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/13.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
Self Service Validation
BoMA (EPL-v2.0)B (MIT)C (Apache-2.0)D (?)
BoMA BCD
License Service
ClearlyDefined
License Whitelist
Overrides
IP Team Review
2
1
34
5
Project Team Eclipse IP Team
![Page 14: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/14.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
New Process Overview
Self Service Validation
Develop and Build
IP Team Resolution and
Verification
IP Team Certification
Release
2
1
3
4
![Page 15: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/15.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
Engagement with the IP Team> IP Ticket (CQ) request only when/if required
> IP Ticket (CQ) if the dependency contains cryptography (declaration model)
> Projects must engage prior to a formal release for final IP clearance!
![Page 16: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/16.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
![Page 17: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/17.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
CQ REQUIREMENT FOR THIRD PARTY CONTENT ONLY WHEN/IF REQUIRED!
![Page 18: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/18.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
What does this really mean for me?> Project onus will be fairly lightweight> Compliance Report will identify any IP violations> Projects are relieved of the responsibility to request IP review for every third party
package requirement> Projects should take care to only introduce dependencies that are subject to
compatible licenses
![Page 19: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/19.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
Again, what does this really mean for me?> NO piggyback/reuse CQs
> NO CQ before Adding to Orbit
> NO CQ before you start leveraging a certain library
> Periodic checks to ensure projects are on the right path
![Page 20: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/20.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
Tracking DependenciesCurrent Process New Approach
Tracking via IP Tickets (CQs) Submitted by Committers
Tracking via Bill of MaterialsIdeally generated from build; e.g. Maven, Gradle, NPM dependency list, etc.
IP Log Generated (IP Tickets/CQs) IP Log Generated (Bill of Materials)
IP Log Review IP Log Review
IP Log Approval IP Log Approval
Project Release Project Release
![Page 21: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/21.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
Next Steps> Prototype development/testing
○ Several projects in experimental drive
> Implementation roll out prior to end of year ○ Current infrastructure○ Updates to documentation, committer handbook, front end systems, etc.
> Futures:○ Build level Integration/automation○ Automate an end-to-end system○ Replace IPzilla○ Security vulnerabilities
![Page 22: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/22.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
Community Engagement
![Page 23: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/23.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
IP Best Practices> Include copyright and license headers on source files
> Include license text file in repository
> Include notice file (third party content information, versions, licenses, any other information in order to comply with license terms, etc.
> Include contributing file (formal or non-formal)
> Identify project license on Github landing page (readme)
![Page 24: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/24.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
Trust Other Sources> Leverage other sources of license data
> Donate our curated license data
> Crowd source with the greater community
![Page 25: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/25.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
Open Source Compliance MovementSPDX - open standard for communicating software bill of material information (components, licenses, copyrights and security references) https://spdx.org/ (Adoption)
ClearyDefined - crowd sourced OSI Initiative to help FOSS projects; the project focuses on source location, clarifies applicable licensing and address security vulnerabilities https://clearlydefined.io/about (Engagement)
CISQ - Standardized tool-to-tool Software Bill of Materials (SBOM) https://www.it-cisq.org/software-bill-of-materials/index.htm
Reuse Software - choose license, add copyright and license information to each file, confirm REUSE Compliance https://reuse.software/
OpenChain - Its specification identifies the key requirements of a quality open source compliance program and show organizations how to meet the requirements https://www.openchainproject.org/
![Page 26: Eclipse IP Management Modernization Management... · Eclipse Intellectual Property Management > Eclipse IP Policy (Board Approved) Defines mechanism for accepting and licensing the](https://reader033.vdocuments.us/reader033/viewer/2022053023/60568cc259d29e79872a9909/html5/thumbnails/26.jpg)
COPYRIGHT (C) 2019, ECLIPSE FOUNDATION, INC. | MADE AVAILABLE UNDER THE ECLIPSE PUBLIC LICENSE 2.0 (EPL-2.0)
THANKS!
Contact: [email protected]
Helpful Links:
https://www.eclipse.org/org/documents/Eclipse_IP_Policy.pdfhttps://www.eclipse.org/legal/https://www.eclipse.org/legal/licenses.php