[cabf_governance] Who Must Sign the IPR?

Jos Purvis (jopurvis) jopurvis at cisco.com
Thu Jun 14 12:09:08 MST 2018

Looking at the Bylaws, the definition of an Associate Member in 3.1 establishes some important criteria:
Becoming an Associate Member is “by invitation only”. Note that there is no establishment of who does the inviting, or what the process is for requesting or obtaining an invitation.
To become an Associate Member, an organization “must sign a mutual letter of intent, understanding, or other agreement”. The contents of the letter aren’t specified here.
The Associate Member must also sign “the Forum’s IPR Agreement, unless this latter requirement is waived in writing by the Forum based on overriding policies of the Associate Member’s own organization IPR rules.” (Emphasis added)

It seems like in the past, the waiving of IPR requirements and the invitation of Associate Members has been done informally, on the basis of, “Well of course we’d want them to participate and of course we wouldn’t make them sign that.” Further, I’d guess the requirements for becoming an Associate Member were based on what we were already doing with groups like ETSI. That’s not an issue per se—it makes sense to create requirements that you already know you’ll pass!—but I think the loose requirements we have are no longer one-size-fits-all. 


Perhaps it would help for us to remove the informality from the Bylaws and define a specific process for inviting organizations and for determining whether an org is required to sign the IPR or not, much the way we have a specific process for applying to be a normal Member?


-- Jos


Jos Purvis (jopurvis at cisco.com)
.:|:.:|:. cisco systems  | Cryptographic Services
PGP: 0xFD802FEE07D19105  | +1 919.991.9114 (desk)



From: Govreform <govreform-bounces at cabforum.org> on behalf of CA/BF Governance Reform List <govreform at cabforum.org>
Reply-To: Dimitris Zacharopoulos <jimmy at it.auth.gr>, CA/BF Governance Reform List <govreform at cabforum.org>
Date: Thursday, 14 June, 2018 at 14:35 
To: CA/BF Governance Reform List <govreform at cabforum.org>
Subject: Re: [cabf_governance] Who Must Sign the IPR?


Just to clarify, ACAB-c is comprised of Accredited CABs only, not TSPs.


On 14/6/2018 9:19 μμ, Virginia Fournier via Govreform wrote:

Hi Ryan, 


Would you please also summarize the ETSI issue you raised on the call today?  I’m not sure whether you were objecting to the discussion of the issue on today’s call, the MOU previously signed with ETSI, not discussing the issue directly with ETSI, having ETSI sign the IPR agreement, or something else.  Is it just what you’ve mentioned below?  I’d appreciate your summary so the Governance Reform WG can determine how to address it.  Thank you.  


Best regards,


Virginia Fournier

Senior Standards Counsel

 Apple Inc.

☏ 669-227-9595

✉︎ vmf at apple.com



On Jun 14, 2018, at 9:11 AM, Ryan Sleevi via Govreform <govreform at cabforum.org> wrote:


(I'm not sure if I have posting rights on govreform, so this may only go to the named parties) 


Thanks for this summary Ben. To capture the other part of the F2F discussion and this and the previous call, it sounds like there's two separate-but-highly-related challenges.


First is confusion about who must sign the IPR, whether participating as an Interested Party, an Associate Member, or a full Forum member. Examples of this confusion have manifest in several discussions, in which some members expressed confusion as to how to best handle it, such as:

- For interested parties, whether an individual signature is sufficient or whether that individuals employer(s) must also sign

- For associate members, the process for waiving the IPR agreement, as covered in Section 3.1 of the Bylaws

- For associate members, how to handle various industry groups, such as:

  - CPA Canada's WebTrust TF, which is comprised of volunteers from firms such as KPMG, Deloitte, and BDO, but also has representatives from CPA Canada itself

  - ACAB-c, which has a number of European conformance assessment bodies (auditors) and European CAs (which themselves may be members of the Forum)

  - ETSI, which is comprised of Member Organizations that may meet any of our other definitions, and which may have individuals that are employed by ETSI member organizations, but are not representing their Member Organization


Second, there is confusion about the nature and scope of participation in CA/Browser Forum calls and F2Fs. This confusion roughly follows the examples illustrated above, but to more firmly document.

  - WebTrust is administered by CPA Canada, and thus we'd expect CPA Canada employees and consultants to be able to participate (e.g. Don Sheehy, Gord Beal). However, the Task Force is made up of volunteers from auditing firms, and whether or not the recognition of AM also extends to those members and their employees. Jeff Ward, as Chair of the TF, while employed by BDO, has been a steady participant in Forum F2F, but whether this invitation extends to the entire TF, or their member organizations, was a point of confusion.

  - ACAB-c is an organization made up of many European TSPs and CABs. Does recognition of ACAB-c as an Associate Member extend invitations to all of these organizations, and their employees, to also participate in the F2F

  - ETSI, as a member organization, is made up of a large number of members. Does invitation only extend to those employeed directly by ETSI, or does it also include those who participate in or lead the various focus groups within ETSI?


Note that there was a separate discussion on that second point related to Members (such as whether any employee of an organization can be in charge of voting or participate in Forum F2F, or whether there should be a notion of designated representatives), but that's not nearly as urgent or pressing as these above matters are.


My hope is that through discussion in the Governance Reform WG and telecons, there can be a mutually agreed upon and documented understanding as to:

- A common understanding of the 'complex' cases (the above may be woefully insufficient)

- Who signs the IPR Agreements for these complex cases

- What concerns, if any, exist with those guidelines by the member organizations (e.g. concerns of Proviti / US Government, or of ETSI and its members)

- Agreement on the process and procedures for any exceptions that might be granted under the Bylaws Section 3.1, such as:

  - The chair decides

  - Assent on a meeting (F2F or telecon), the same as done for members that meet the requirements

  - Full Forum votes



Hopefully that accurately and appropriately captures the discussions to date, in order to frame possible work items.


On Thu, Jun 14, 2018 at 11:46 AM, Ben Wilson <ben.wilson at digicert.com> wrote:



An issue from the London face-to-face meeting resurfaced today on the CABF call.  That is, who must sign the IPR agreement?  I believe that many members of the CABF would like a recommendation from this working group.


I think it has been pretty clear, at least in practice, that someone with authority for an organization that is a member must sign the IPR agreement.  For Interested Parties who are individuals, their signature on the IPR Agreement is pretty straightforward.  But things get a little fuzzy when we deal with other scenarios.  The most unclear situation is when we are dealing with associations of other organizations and individuals – viz. ETSI and WebTrust who send representatives to  our meetings.  Another example is where an entity appoints another entity as its agent (recognized representative) for discussions/votes.  For this latter situation, a side issue is what should we require as evidence of the agency relationship.






Govreform mailing list
Govreform at cabforum.org


Govreform mailing list
Govreform at cabforum.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/govreform/attachments/20180614/02e0c863/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2095 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/govreform/attachments/20180614/02e0c863/attachment-0001.p7s>

More information about the Govreform mailing list