Mark Radcliffe, Partner, DLA Piper Mark O’Conor, Partner, DLA Piper Ian Skerrett, Eclipse Foundation
Mike Dolan, Linux Foundation (Allseen Alliance)
Internet of Things:
Global platform
Page 2 WEST\253917478.2
Largest law firm in the
world, based in 31
countries and 77 offices throughout the Americas, Asia Pacific, Europe and the Middle East
More than 145 DLA
Piper lawyers in IP transactions
Global Open Source
Practice
More than 550 DLA
Piper lawyers ranked as leaders in their fields
OSS practice
Worldwide OSS Practice US practice led by two partners: Mark
Radcliffe and Victoria Lee
Experience
Open sourcing Solaris operating system
FOSS foundations
OpenStack Foundation
PrPL Foundation
OpenSocial
Open Source Initiative
GPLv3 Drafting Committee Chair
Drafting Project Harmony agreements
Linux Foundation and AllSeen Alliance
The Linux Foundation® is a 501(c)(6) nonprofit organization dedicated to
enabling the Linux kernel community and protecting, defending and
promoting the adoption of Linux and open source technologies that form the backbone infrastructure of society. The Linux Foundation hosts many Collaborative Projects that extend the successful practices of open source development into technology areas beyond the Linux kernel
AllSeen Alliance is one of The Linux Foundation’s Collaborative Projects.
AllSeen is a 501(c)(6) nonprofit organization dedicated to enabling the widespread adoption of products, systems and services that support the Internet of Things through an open environment, vibrant ecosystem and
thriving technical community based on the AllJoyn® open source project.
The Linux Foundation is a registered trademark of The Linux Foundation. AllSeen and AllSeen Alliance are trademarks of AllSeen Alliance, Inc. AllJoyn is a registered trademark of AllSeen Alliance, Inc.
Introduction to the Eclipse Foundation
Nonprofit Open Source Foundation (5.01 c6), created in 2004
220+ members, including IBM, SAP, Google, SAP, Red Hat,
Bosch, Cisco, Airbus
250 different open source projects
6-8 million users
22 staff members
World economic forum: IoT report
The Industrial Internet will transform the basis of
competition, requiring business leaders to shift
from a focus on products and services to
business outcomes. For the Industrial Internet to
achieve its full potential, industry sectors will
need to collaborate more closely with technology
leaders and policy makers to put in place the
standards and conditions required to encourage
further investment
.
Paul Nanterme, Chairman and CEO of Accenture
AllSeen Alliance Introduction
Mike Dolan, Senior Director of Strategic Programs
The Linux Foundation
NOW PLAYING: Artist: Flowers Song: Daisy Fridge Cloud Laundry Cloud Lighting B Cloud Speaker B Cloud Speaker A Cloud TV Cloud Lighting A Cloud Lighting C Cloud Security Camera Cloud Laundry App Security Camera App Lighting
C App SpeakerB App
Lighting
B App FridgeApp
TV
App LightingA App Speaker
A App
• A different app for every device • Integration is difficult
• Devices can’t interact locally, requires an internet connection for every device
• Cloud connections abound; are they all secure? Each with their own terms – e.g. who owns the data?
• Rich user experiences (combinations) are difficult to build, if even possible
App Overload ! AllSeen Alliance – the problem with the
Internet of Things today
But ONLY if they speak the same language
당신은 내 말 들려?
hello world!
Devices that can’t connect across brands, categories, and operating systems will be left out
No single company covers every segment, space and platform
✗
✗
✗
✗
Auto Home Consumer goods and appliances Industrial Computing devices Tem alguém aí? hellworhe 100010101011 Ubiquitous connectivity promises to makedevices smart
hello! Auto Home Consumer goods and appliances Industri al Computing devices AllJoyn framework AllJoyn
framework frameworkAllJoyn frameworkAllJoyn frameworkAllJoyn
hello! hello! hello! hello!
Computing
devices Consumergoods and appliances
Home Auto Industrial
AllSeen Alliance – AllJoyn framework lets things work together
GPS GPU DSP GYRO Microphone Touchscreen Accelerometer
Exposing smartphone APIs enabled new experiences that no one had ever thought of before
A single protocol allowing products and apps to expose their
capabilities and interact with other devices and apps
Lock doors Light bulbs Garage door Sensors Pictures Video Drapes Displays Speakers Clocks Cool Heat TVs
The AllJoyn software framework is a collaborative open source project of the AllSeen Alliance
The AllJoyn framework exposes the capabilities of connected devices in the much the same way
AllJoyn enabled devices describe their capabilities via service interfaces on a virtual bus
AllJoyn’s Gateway Agent provides remote access, management and privacy controls for all AllJoyn enabled devices and apps
The problems that AllJoyn solves… in an interoperable way WEST\253917478.2 Page 15 Discover nearby devices Identify services running on those devices Adapt to devices coming and going Span diverse transports Interoperate
across OS, device and manufacturer Exchange information Secure against bad actors Manage
remote and local
Control
AllSeen Alliance - 2014 Collaboration Scorecard
Projects
37 total projects
20 active
7 new
Contributions
103 contributors
20+ companies
4.1M SLoC
changed since
launch
Jira Tickets
1,600 submitted
1,250 closed
330 open or in
progress
17
“Companies will win over Internet of Things not in the boardroom, but on the command line. The
consortium that gets excellent code to market first, with a community that provides great documentation and an inviting atmosphere, will win. So far, only AllSeen has done that, with code available for
download today.”
Matt Asay VP Mobile at Adobe, via readwrite.com
Why the Internet of Things has to be
open sourced
AllSeen Alliance – over 170 members including 12 premier members WEST\253917478.2 Page 18 + One more not yet announced
AllSeen Alliance – Community members
Page 19 − 2lemetry − ADT Security Services − Affinegy− AT&T Digital Life − Audio Partnership − Beechwoods
Software
− Beijing Winner Micro Electronics − BLACKLOUD − Bosch − CA Engineering − Canary − Carvoyant − Changhong − Cirrent − Cisco − Cloud of Things − CoCo Communications − Connectuity − ControlBEAM − Covata − D-Link − Dawon − dog hunter − Domos Labs − Elica S.p.A. − Euronics − EXO U − Faber S.p.A. − FengLian − FirstBuild − Fon − ForgeRock − Fortune Techgroup − FreeWings Technologies − GEO Semiconductor − GeoPal Solutions − Golgi − Gowex − Guangdong Pisen Electronics − Harman − Heaven Fresh Canada − Helium − Honeywell − HOUZE® Advanced Building Science − HTC − Hubble − iControl Networks − iGloo Software − iiNet − Imagination Technologies − Innopia Technologies − INSTEON − Inteno Broadband Technology AB − IOOOTA − ISI Technologies − Kii − Kitu Systems − Legrand Group − Lenovo − LeTV − LG Uplus − Lhings − LIFX − LightFreq − Lite-On − Local Motors − Lumen Cache − M2Communication − MachineShop − MobilityLab LLC − Modacom − Musaic − Muzzley − NETGEAR − Octoblu − Organic Response − Patavina Technologies − People Power Company − Personal Air Quality Systems (PAQS) − Ping Identity − Playtabase − POWERTECH − Quanta Computer − Razer − Red Bend Software − Resin.io − Sears Brand Mgmt..Corporation − Seed Labs − Shenzhen Fenglian Technology Co
AllSeen Alliance – Community members continued
Page 20
− Shenzhen H&T Home Online Network Technology Co − Sproutling − Symantec − TCL Corporation − Tellient
− The Sprosty Network − Things.Expert − ThroughTek − Trend Micro − Tuxera − Two Bulls − Umbrela − Universal Devices − Vedams − VeriSign, Inc. − Vestel Group − Waygum.io − Weaved − Wireless Things − WiSilica − wot.io
Open Source IoT Building Blocks
New and Existing
Devices IoT Gateways
Network/Wireless
Services Backend Systems
Open Source Technology to Connect and Manage
WEST\253917478.2 Page 22
Eclipse Foundation: building blocks for open IoT stack WEST\253917478.2 Page 23 Connectivity - MQTT - CoAP - LWM2M
IoT gateway services - Remote management - Application management
IoT applications
IoT solution frameworks - Home automation - SCADA
- OM2M
Open standards
Page 24 Mosquitto
CoAP Californium
IoT frameworks
Page 25 WEST\253917478.2
IoT Gateway Framework
Integration framework for home automation
Open IoT Stack
Eclipse Foundation: commercial and open IoT ecosystem
Where software is hot, OSS is hot
WEST\253917478.2 Page 27
CLOUD/
VIRTUALIZATION CONTENTMGMT MOBILE SECURITY COLLABORATION NETWORKMGMT SOCIALMEDIA 3D PRINTING ANALYTICS ANDBUSINESS INTELLIGENCE
DRONES GAMING ERP
63% 57% 53% 51% 49% 48% 46% 27% 26% 13% 12% 10%
OSS grows as % of code
WEST\253917478.2 Page 282007
2012
2017
5%
30%
More % ???
Source: IDC Survey of G2000 Source: Black Duck audit results
By 2016, at least 95% of IT organizations will leverage nontrivial elements of open-source software technology in their mission-critical IT
portfolios, including cases where they might not be aware of it – an increase from 75% in 2010.
Basic legal issues
Intellectual property rights
Copyright
Protects works of authorship such as software, documentation, music and movies
Exclusive rights
Distribute
Modify
Reproduce
Public display/public performance
Patents
Protects inventions, such as software, hardware and automobiles which are useful, non-obvious and novel
Exclusive rights (negative right)
Make
Use
Sell
WEST\21689961v1 Page 30
Basic legal issues continued
Trademarks
Word, symbol, device, sound or smell which identifies a product as coming from a certain source and as being of a certain level of quality
Prevent use of confusingly similar marks
Examples: Linux, Apache (word), Apache (feather), OpenStack (word)
Article II – Sale of goods from airplanes to automobiles to
software
Warranties
Express
Implied
Remedies: consequential damages
Source of the funny language in licenses merchantability
Types of open source licenses:
Restrictive, permissive, other
Restrictive (aka Copyleft, reciprocal)
Requires licensor to make improvements or enhancements available under same terms
Example is the GPL: licensee must distribute work based on the program (derivative works) under the terms of the GPL
Hybrid
Requires licensor to make limited improvements or enhancements under the same terms
Example is the MPL: licensee must distribute modified files under MPL
Permissive
Modifications/enhancements may remain proprietary
Distribution in source code or object code permitted provided copyright notice and liability disclaimer are included and contributors’ names are not used to endorse products
Examples: Berkeley Software Distribution (BSD), Apache Software License
Miscellaneous: Other: Lucent, zlib/libpng
The GNU General Public License
(GPL)
GPLv2 first published in 1991 (final version of GPLv3
published 6/29/2007)
Key Terms of GPLv2
Right of customers to modify and distribute modification under
GPL
Non-exclusive
Obligation to distribute (can charge but not pass through this
obligation)
Any work based on the program is subject to GPL
Must include source code
No explicit patent license
Automatic termination
The updated BSD License
Copyright (c) <YEAR>, <OWNER> All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer
Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution
Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Collaborative projects
Eclipse Foundation
Eclipse Paho - MQTT client libraries https://eclipse.org/paho/
Eclipse Kura - IoT gateway https://eclipse.org/kura/
Eclipse Leshan - Implementation of Lightweight M2M standard for device management
Linux Foundation
Allseen Alliance – IoT platform https://allseenalliance.org/
IoTivity – IoT Framework https://www.iotivity.org/
Mosaiq (March, 2015): ABB, Bosch, Cisco Joint Venture for
smart home
DeviceHive Alliance (May, 2015): Canonical, GE, Microsoft,
DataArt, Acer for predictive maintenance for the Industrial IoT
Key Issues in using/joining OSS Project
Culture of OSS Project
Culture of company (particularly with respect to OSS
contributions)
Governance of OSS project
Run by single person
Run by single company
Run by multiple companies
Type of OSS license
Copyleft
Permissive
OSS as a competitive advantage
Move your software project to a foundation to ensure
community support and broader adoption
Example: Alljoyn and Linux Foundation
Use OSS as a base for commercial product (depends on type
of license) with OSS developing necessary parts which do not
provide commercial advantage
Example: OpenStack
Collaborations
Mosaiq
DeviceHive Alliance
Provide code under OSS license and commercial license
Example: MySQL
Supply chain: Mix of open source and other code
WEST\253917478.2 Page 37
OSS Projects
Components of an open source policy
Published policy
Created via cross functional team
Organization is educated on the policy
Open source process owner
Keeps the wheels running
Grant certain types of approvals
Approval processes
Component review and approval
Sensitive to use: internal/external/products
License review and approval
Release plan review and approval
Components of an open source policy continued
Monitoring and tracking process
Component verification
Security notifications
Component upgrade notifications
Application to contractors/outsource vendors
Obligation verification process
Ensure using approved components and
Meeting the license and business obligations
Current reporting for responsive due diligence request
Managing open source software
Define criteria for approved software
Licenses
Use (internal/product/website)
Sources
Support
Other
Define criteria for unapproved software
Scope of application: internal development, independent contractor,
outsource vendors, M&A
Define conditions for participating in the open source software
development
Employee education
No compliance without education
Open source compliance
Define how development teams and other functions
Search, select, approve, track, validate, track and monitor
Inbound approval processes
Code from internal teams, external sources
Outbound compliance processes
Distributed code
Create a baseline of your code
Prioritize
Perform code analysis
Plan remediation
Document the origins of the code base
Determine all components and licenses in use
Verify usage is approved
Create a catalogue of approved components and licenses
Validation processes
Conclusion
OSS is expected, but governance is very important
OSS critical for projects as large as IoT
Large and small collaborative projects
Making good choices with OSS means evaluating the license
obligations in the context of the business model as well as the
code
Need to manage use of open source (other third-party code)
Presenters
Mark Radcliffe, Partner, DLA Piper
Mark.O’Conor, Partner, DLA Piper
Ian Skerrett, Eclipse Foundation
Mike Dolan, Linux Foundation (Allseen Alliance)
