Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.
OpenChain Education Work Group Meeting #4 focused on practicalities. The team is getting ready to produce a free online training course in collaboration with LF Training. It will be hosted on edX and the source will also be available as public domain (CC-0). Get involved via the mailing list to learn more and lend a hand.
OpenChain Education Mailing List
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
Hi, I’m Tadayuki Osaki, OSS compliance specialist working for Fujitsu Limited and involved in Open Source Software (OSS) license compliance.
In this article, I briefly introduce the international standardization of OpenChain specification.
As introduced in Ayumi Watanabe’s first day article, OpenChain specification defines requirements for an organization to establish OSS compliance, and is coordinated by the OpenChain project under the Linux Foundation.
Under the Linux Foundation, there are projects to develop software (code) and to standardize specifications (specification/spec.), for a total of 187 projects as of December 2, 2020.
source: Linux Foundation
The figure above plots Linux Foundation projects into two categories: project configuration (Single / umbrella) and project subject (Software (code)/Specification).
The OpenChain project, with its logo at the bottom left of the diagram, is designed to create and standardize specifications, as are the OpenAPI initiative (API standardization) and the Open Container Initiative (Container formatting and runtime standardization).
An international standard is a standard established by international standards organizations. Each member country of the WTO is required to conform its domestic standard to the international standard*, as required by WTO TBT Agreement. By international standardizing a specification, it can be developed and promoted to the domestic standard of each country.
*only for international standards enacted by a specified international standards organizations, such as ISO, IEC, and ITU.
In the field of information technology (IT), ISO/IEC JTC1 (First Joint Technical Committee of ISO and IEC), an international standards organization independent from ISO and IEC, handles international standardization of the technical area.
OpenChain specification will be published as an international standard by the end of December, as stated in the second day article by Ayumi Watanabe, after going through the process of international standardization in ISO/IEC JTC1.
It should be noted that the content of documents relating to ISO procedures does not necessarily apply to the procedures of ISO/IEC JTC1, as the details of the procedures differ among international standardization bodies.
The flow of the OpenChain specification up to its establishment as an international standard by ISO/IEC JTC1 is shown in the following diagram.
Specifically, the following two steps were taken.
The international standardization of the OpenChain specification is a big step toward the OpenChain Project’s goal of “Enabling a software supply chain where OSS is delivered with reliable and consistent compliance information”.
In the future, the OpenChain Project will promote initiatives such as encouraging countries to establish domestic standards in response to the internationally standardized OpenChain specifications.
Tomorrow is a message from Shane, General Manager of the OpenChain Project.
こんにちは。富士通株式会社の大崎 雅行です。
OSS(Open Source Software)を利用する際に重要となる、OSSライセンスのコンプライアンスに携わっています。
本記事では、OpenChain仕様の国際標準化に向けた経緯について、簡単に紹介します。
渡邊 歩さんの1日目の記事で紹介があったように、OpenChain仕様は、組織がOSSコンプライアンスの遵守体制を構築する際の要件を規定するもので、Linux Foundation配下のOpenChainプロジェクトが取りまとめています。
Linux Foundationの配下には、ソフトウェア(code)の開発を目的とするプロジェクトとともに、仕様(specification / spec.)の標準化を目的とするプロジェクトも活動しており、2020年12月2日現在、合計で187のプロジェクトが存在します。
source: Linux Foundation
上の図は、Linux Foundationのプロジェクトをタイプ別に分けるため、プロジェクトの構成(単一(single) / 統合(umbrella))・プロジェクトの対象(ソフトウェア(code) / 仕様(spec))の2つの軸での区分したものです。
図の左下にロゴがあるOpenChainプロジェクトは、OpenAPI initiative(APIの標準化)や、Open Container Initiative(コンテナのフォーマットやランタイムの標準化)と同様に、仕様を策定し、標準化することを目的としています。
国際標準(国際規格;International Standard)とは、国際標準化団体により制定される標準(規格)です。WTOに加盟する各国は、国内規格を国際標準(国際規格)※に整合させることが求められており(WTO TBT協定)、仕様や規格を国際標準(国際規格)とすることにより、各国の国内規格に展開し、普及を進めることが可能となります。
※ 特定の国際標準化団体(ISO・IEC・ITU)により制定された国際標準(国際規格)
そして、情報技術(IT)分野では、ISO / IEC JTC 1(ISOとIECの第一合同技術委員会)という、ISOおよびIECとは別個の国際標準化団体で標準化が行われています。
今回、OpenChain仕様は、ISO / IEC JTC 1における国際標準化の手続きを経て、渡邊 歩さんの2日目の記事にあるように、12月中には、国際標準として発行される予定です。
なお、国際標準化団体ごとに手続きの詳細が異なるため、ISOの手続きに関する資料の内容は、必ずしも、ISO / IEC JTC 1の手続きに当てはまるとは限らないことに注意が必要です。
OpenChain仕様が、ISO / IEC JTC 1により国際標準として制定されるまでの流れを、以下の図に示します。
具体的には、以下の2つの段階の手続きを進めました。
OpenChain仕様の国際標準化は、OpenChainプロジェクトが目指す「OSSが信頼性と一貫性のあるコンプライアンス情報とともに提供される、ソフトウェアサプライチェーンの実現」の大きな一歩となります。
今後、OpenChainプロジェクトでは、国際標準化されたOpenChain仕様に対応して、各国に国内規格を制定する働きかけを行っていく等の取組みを進めていくことになります。
明日は、OpenChainプロジェクトのGeneral ManagerであるShaneさんからのメッセージです。
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
(日本語は下にあります)
Hello. If this is your first visit, nice to meet you. I think it is most likely your second time reading my article this December, right?
As the second day of OpenChain Japan Advent Calendar, today I will write about the OpenChain Specification, which is the main theme of this year.
I would like to skip my self introduction today because of my continuous posts, but if you are interested in that, please do read this.
These days, OSS is essential for software development. It is even common to use hundreds to thousands of OSS components in one product or service. To develop software with advanced features by one single company has became very difficult, so a lot of companies have cooperated with each other and built software supply chains.
In a software supply chain, once an inappropriate use of OSS or an insufficient delivery of OSS license information occurs, it affects the entire supply chain. It comes to be claimed by the copyright holder or it is prohibited to distribute products.
In this situation, it is required to take control of problems at the upstream of the supply chain.
To deal with those issues, the Open Chain Project has built an OSS compliance standard for every organization or company in supply chains to do things that they should do, build trust with each other, and deliver every necessary need (e.g. source code, license or documents).
One of the most important activities of the OpenChain Project is development and promotion of Open Chain Specification. The OpenChain Specification defines inflection points in business workflows where a compliance process, policy or training should exist to minimize the potential for errors and maximize the efficiency of bringing solutions to market. It can be used as a requirement for organizations to do OSS license compliance properly.
As of December this year, the latest version of OpenChain Specification is version 2.1. It is available at version 2.1.
The updated history of OpenChain Specification is below:
| version | update date |
|---|---|
| version 1.0 | October 2016 |
| version 1.1 | April 2017 |
| version 1.2 | April 2018 |
| version 2.0 | April 2019 |
| version 2.1(latest) | December 2020 |
The contents of the latest version of OpenChain Specification is below:
Contents
Foreword
Introduction
1. Scope
2. Terms and definitions
3. Requirements
Appendix A(informative)
The key contents of Specification is written in chapter 3. From tomorrow, OpenChain Japan members will explain the contents of each requirement and related topics in turns.
Osaki-san will explain the topics around OpenChain Specificatoin as an ISO Standard, the biggest news of this year.
See you tomorrow!!!
こんにちは。あるいは、はじめまして。たぶんかなりの確率で、二度目ですね。
OpenChain Japan Advent Calendar 2020の2日目は、今年のメインテーマであるOpenChain仕様についてお届けします。
本日は連投のため自己紹介はスキップしますが、もし読んでくださるのであれば、こちらをご参照くださいませ。
昨今のソフトウェア開発においては、OSSの利活用はもはや当たり前になっており、一つの製品・サービスの開発に数百から数千個のOSSコンポーネントが使われることもあります。また、ソフトウェアの高機能化に合わせて分散開発も一般化しており、一つの製品の開発において複数の企業が複雑に関連しあうサプライチェーンが構築されています。
サプライチェーンにおいて、ひとたびOSSの不適切な利用やライセンス情報の連携不足が発生すると、その影響はサプライチェーン全体に及び、第三者やOSSの著作権者からの指摘を受けたり、最終製品が出荷できなくなったりすることも考えられます。このような状況において、サプライチェーンの上流で問題を把握し、対策を講じることが求められています。
このような課題に対して、サプライチェーンを構成する企業・団体それぞれがすべきことを的確に実施し、相互に信頼関係を構築し、互いに適切な情報や必要なソースコード等の素材の受け渡しをしっかりと行うことのできる文化を醸成しようとしているのが、OpenChainプロジェクトです。
OpenChainプロジェクトの活動の一つに、OpenChain仕様の策定と普及があります。OpenChain仕様では、ソリューションを市場に投入する効率を最大化するために、コンプライアンス・プロセス、ポリシー、トレーニングを行うビジネスワークフローのインフレクションポイントを定義しており、組織がOSSライセンスコンプライアンスを適切に実行するための要件として活用できます。
2020年12月現在のOpenChain仕様の最新バージョンはversion 2.1で、詳しくはOpenChain仕様バージョン2.1から参照できます。
OpenChain仕様はこれまで、下記の通り更新されてきています。
| バージョン名称 | 改訂時期 |
|---|---|
| version 1.0 | 2016年10月 |
| version 1.1 | 2017年4月 |
| version 1.2 | 2018年4月 |
| version 2.0 | 2019年4月 |
| version 2.1(最新) | 2020年12月 |
最新版のOpenChain仕様は、下記のような構成になっており、要件は3. Requirementsに記載されています。
Contents
Foreword
Introduction
1. Scope
2. Terms and definitions
3. Requirements
Appendix A(informative)
明日以降は、OpenChain Japanのメンバーが交代で、個々のRequirementsの解説と関連するトピックスについて投稿します。
明日は、今年の大ニュースOpenChain仕様のISO国際標準化について、大崎さんが解説してくれます。
では明日の記事をお楽しみに!!
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
(日本語は下にあります)
Hello. If this is your first visit, nice to meet you. Thank you very much for your attention to this article.
Welcome to OpenChain Japan WG Advent Calendar 2020!!
We, OpenChain Japan WG, is a Japanese community whose activities involve Open Source Software(OSS) compliance.
Last year we wrote various topics about our activities as a self introduction of OpenChain Japan WG. This year, as OpenChain Advent Calendar 2020, we will deliver to you a series of 25 articles focusing on the OpenChain Specification cerebrating that OpenChain Specification was officially registered as an International Organization for Standardization(ISO).
And we will write every article both in Japanese and English and deliver them to everyone in the world. (It is also useful for your English/Japanese learning!)
We would be very happy if you became a little interested in our activities and the importance of OSS compliance from reading our articles. I hope you like it!!
I am Ayumi Watanabe of OpenChain Japan WG. I’m an OSS management consultant based in Tokyo, Japan. My favorite OSS license is Beerware License.
I’m a member of Planning SWG, Promotion SWG and Tooling SWG in OpenChain Japan WG.
Openchain is one of the official projects of the Linux Foundation. Its vision is “a supply chain where open source is delivered with trusted and consistent compliance information”. OpenChain maintains the International Standard for open source compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcomed to engage with our community, to share their knowledge, and to contribute to the future of our standard.
The core of OpenChain:
1. Specification, which defines a set of requirements every quality compliance program must satisfy
2. Conformance, which allows organizations to display and promote their adherence to these requirements
3. Curriculum, which provides the educational foundation for OSS processes and solutions, whilst meeting a key requirement of the specification
In OpenChain Japan WG, we share our issues and solutions with each other, and discuss issues about OSS compliance in Japanese. We have variety of sub work groups in OpenChain Japan WG, e.g. Planning, Tooling, Promotion, FAQ, Leaflet, Education, License Info SWG. Every SWG are all very active.
OpenChain Japan WG is one of the regional Work Groups of OpenChain. It started in 2017. Now over 200people from over 70 companies are our members. We always welcome your joining!
In the next article, I will write about OpenChain Specification which is the main theme of this year. I believe it was 2020’s biggest news of OSS compliance that OpenChain Specification was officially registered as an ISO standard.
See you tomorrow!!
こんにちは。あるいは、はじめまして。
OpenChain Japan WGのアドベントカレンダー2020へようこそ!
私たちOpenChain Japan WGは、OSS(Open Source Software)のコンプライアンスに関する活動をしている日本のコミュニティです。
今年は、昨年に引き続き2年目のアドベントカレンダーです。昨年は、OpenChain Japan WGの自己紹介として、私たちの活動について色々書かせていただきましたが、今年はOpenChain仕様がISO国際標準に認定された記念として、OpenChain仕様にフォーカスした25日間をお届けしたいと思います。
また、日本から世界へ!をキーワードに、海外のエンジニアの皆さんにも読んでいただけるよう、今年は全日程、日本語と英語で記載します。(英語を勉強中の皆さんの練習にもお使いいただけます!)
このアドベントカレンダーを通して、私たちの活動やOSSコンプライアンスの重要性に興味を持っていただき、参加したいなと思っていただけるようになれば幸いです。
OpenChain Japan WGの渡邊歩です。OSS活用に関するコンサルをしています。好きなライセンスは、Beerware Licenseです。
OpenChain Japan WGでは、Planning SWGとPromotion SWG、Tooling SWGで活動しています。
OpenChainは、Linux Foundationの公式プロジェクトのひとつで、「OSSが信頼性と一貫性のあるコンプライアンス情報とともに提供される、ソフトウェアサプライチェーンを実現すること」をビジョンとし、組織がOSSのライセンスコンプライアンスプログラムを構築するための指針を整備し提供しているプロジェクトです。
OpenChainの3本の柱:
1. 仕様(Specification) : 組織内に確立するべきコンプライアンスプログラムの要件を定義したもの
2. 適合(Conformance) : 組織が仕様を満たしていることを認証する仕組み
3. 教育(Curriculum) : 仕様の要求事項のひとつである教育プログラムに活用できる資料
OpenChain Japan WGは、日本で活動するOpenChainのワーキンググループで、OSSコンプライアンスに関する課題や解決策について日本語で議論や情報交換を行っています。Japan WGの中には更にPlannning, Tooling, Promotion, FAQ, リーフレット, 教育資料, ライセンス情報など、たくさんのサブワークグループがあり、それぞれが活発に活動しています。
OpenChain Japan WGの活動はOpenChain初のリージョナルSWGとして2017年にスタートし、今では70社、200名以上の人々が参加しています。私たちの活動に興味のある方はいつでも、参加お待ちしています!
明日は、今年のアドベントカレンダーのメインテーマである「OpenChain仕様」について説明します。
OpenChain仕様がISO国際標準に認定されたことは、OSSコンプライアンス関連の2020年の最大のニュースだったと思います。
では明日の記事をお楽しみに!!
Newsletter – Issue 43 – November 2020
Our newsletter contains some of the highlights from the last month of activity in the project. Plenty more happened. Check out the full stream here:
https://www.openchainproject.org/news
OpenChain @ Events
On November 26 the OpenChain Project presented at the LINE Developer Day 2020.
Check out the full recording in English and Japanese:
https://www.openchainproject.org/news/2020/11/26/openchain-line-developer-day-2020-full-recording
OpenChain @ Partners
The OpenChain Project is delighted to welcome Lee Tsai & Partners to our partner program as the first law firm in Taiwan.
https://www.openchainproject.org/featured/2020/11/25/lee-tsai-partners-is-the-latest-openchain-partner
OpenChain @ Webinars #13 & 14:
OpenChain @ Work Groups (Selected Highlight)
The International Standard for open source license compliance took center stage at the LINE Developer Day 2020 conference. Check out the recordings of our talk in English and Japanese below.
Watch the Recording in English
Watch the Recording in Japanese
The OpenChain Project is delighted to welcome Lee Tsai & Partners to our partner program as the first law firm in Taiwan.
“The OpenChain Project is fortunate to have an active and growing community of user companies in Taiwan,” says Shane Coughlan, OpenChain General Manager. “Welcoming Lee Tsai & Partners to our official partner program is a natural extension of ensuring legal support for our community in this space. We are fortunate to have the opportunity to work with such experienced and influential individuals in this space, and we have every confidence that Lee Tsai & Partners is perfectly positioned to assist companies as the OpenChain Specification, DIS 5230, formally graduates as an ISO/IEC standard.”
“We have seen open source software become a critical part of technological innovation,” says Jaclyn Tsai, Co-Founder of Lee Tsai & Partners. “Whether an enterprise can effectively use open source software will become a crucial factor in keeping pace with current trends. The first step in ensuring proper use of open source software is assuring that appropriate controls are in place to ensure that license terms and obligations may be complied with. We are excited and pleased to be an official partner of OpenChain to help companies understand the requirements under the Internal Standard for Open Source Compliance and their legal obligations in using open-source software.”
About Lee Tsai & Partners
Dr. Chung-Teh Lee and Jaclyn Tsai, after working as judges and practicing for extensive periods, both had a vision of creating a law firm that is not only grounded on professionalism but also compassion. As such, the first office of the Lee Tsai Group was founded in Taipei in 1998 with the professional motto “Reason” and “Compassion” and a mission statement “to provide the highest quality of professional service to our clients through our comprehensive knowledge of their industries while dedicating ourselves not only to our clients but also to our community.”
Learn More
Our Global Work Team call to end November focused in showing the format of our ISO/IEC International Standard, how OpenChain 2.1 uses precisely the same formatting, and our online self-certification questionnaire for OpenChain 2.1.
Check out our first “full spectrum” call, expanding from our traditional Specification Work Team, and providing all the global work teams with space to catch up and share.
The next call is on the Fourth Monday of November (23rd) at 5pm Pacific.
Join Us
One Tap Telephone (no screensharing)
Find your local number: https://zoom.us/u/abeUqy3kYQ
After dialing the local number enter 9990120120#
On this webinar Tim Bird of Sony spoke on ‘Issues with Open Source License Compliance in Consumer Electronics’, a variant of a speech recently delivered at Open Source Summit Europe, and made available here for our global audience along with a great Q&A.
This is OpenChain Webinar #14, released on 2020-11-20.
© 2024 OpenChain. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use
