This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
Introduction of FAQ subgroup
Today, I would like to introduce the FAQ subgroup of the OpenChain Japan WG.
The members of the FAQ subgroup are consist of those who are in charge of OSS license consultation and license compliance support at each company / organization, those who are not in charge but are volunteer-based, and those who are about to start studying OSS licenses or those who are just starting (<-this is important).
There are various QA candidates, such as those that the members actually consulted, those that the members wondered, and those that are generally misunderstood.
How to make QA
To create a QA, first create a base for Questions and Answers using Slack and give your opinion. After that, the QA will be finalized by making corrections at a meeting (which used to be actually gathered, but recently it is online in view of recent circumstances). (<- This is actually the most fun because we have a lot of opinions and discussions.) Then, after confirming with the attorney attorney, we will publish it.
In this way, each QA is verified and nurtured from the perspectives of various companies, organizations, and roles, so I think that the QA collection is relatively homogeneous and has few mistakes.
It’s been about 10 years since I was involved in OSS licensing, but I’m still studying through this FAQ subgroup every time. In particular, I often get noticed from the perspectives and opinions of companies whose business types are different from those of my company. People who participated for the purpose of studying also commented, “I am studying because I am trying to convey it in an easy-to-understand manner.” and “I will be able to understand by listening to the discussion.” and so on.
Conclusion
It’s been about 10 years since I was engaged in OSS license compliance, but I still study through this FAQ subgroup every time. In particular, I often get noticed from the perspectives and opinions of companies whose business types are different from those of my company. People who participated for the purpose of studying also commented, “I am studying because I am trying to convey it in an easy-to-understand manner.” and “I will be able to understand by listening to the discussion.” and so on.
If you are interested in the activities of the FAQ subgroup, please join us at any time. Those who want to participate by trial rather than immediately, and those who can not contribute much to the creation of FAQ but want to participate for study purposes are also welcome. For details, please contact japan-sg-faq@lists.openchainproject.org.
We heard from Michael G. Poe, a newcomer to the world of Open Source Compliance and current Sales Manager with FossID. He shared his thoughts on his surprising journey from consumer products to software, and how the underlying principles of the open source community have enabled him along the way.
Michael also touched on what he believes can be some of the challenges to the frictionless adoption of OpenChain conformance. And lastly, based on his experiences and learning agenda thus far, what are some areas that can be improved when it comes to Open Source, Compliance, and the tech industry in general.
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
Today, we will introduce the contents of the OpenChain spec v2.1 (Chapter 1.4-1.5).
Chapter 1.4 is about the scope of the OSS Compliance Program. Th e OSS compliance program gives you the freedom to choose whether it covers your entire organization or just some product lines.
Chapter 1.5 is a chapter on reviewing each OSS license within your organization. Organizations should establish a process for reviewing and documenting OSS license obligations, restrictions, and rights for each use case. Reviewing OSS licenses in Chapter 1.5 is a very important task for an organization, but a difficult task for an unfamiliar organization. Therefore, the FAQ subgroup of the Japan WG is working to publish “common misunderstanding FAQs related to OSS licenses” together.
Tomorrow we will introduce the activities of this FAQ subgroup.
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
The research team in OpenChain Japan WG about OSS compliance made academic presentations at two conferences, “Intellectual Property Association of Japan” and “Japan Society for Research Policy and Innovation Management” in 2020.
Today, I would like to introduce the “Framework for Skill Standards on OSS Compliance” presented at “Intellectual Property Association of Japan”.
Necessity of skill standards for OSS compliance
Work related to OSS compliance is complex and needs to be carried out in cooperation with various departments in the company, such as development and intellectual property departments.
On the other hand, OSS-related tasks are often relatively new to the people in each department, and therefore, in order to promote human resource development, we have developed a systematic index to clarify and systematize the skills required to perform these tasks. In other words, we thought a “skill standard” was necessary.
The skill standard framework for OSS compliance
The table below shows the framework of skill standards about OSS compliance. On the left side, tasks related to OSS compliance are extracted for each of planning, development, and maintenance (operation) of the system, and on the right side, tasks to be handled by each department are organized.
In this presentation, we have only presented the overall picture above. In the future, we will further subdivide each task, and organize the skills required to perform each task and the evaluation method.
Finally
The OpenChain Specification 2.0, which was adopted by the ISO, also defines the roles, responsibilities, and suitability of personnel to achieve OSS compliance in Chapter 1.2, and specifies that the results of the suitability assessment must be retained. (Article link.)
However, OpenChain does not mention the specific items and indices of what roles each department should play and how to evaluate each person in charge, and it is left to each company to decide. We hope to create a tool that can be used to facilitate compliance work.
Tomorrow, Mr. Shima of FAQ SG will introduce the contents of chapter 1.4 to 1.5 in OpenChain.
OpenChain Japan WG Promotion SGの有志メンバーを中心に立ち上げたOSSコンプライアンスについての研究チームでは、2020年に「日本知財学会」と「研究・イノベーション学会」の2つの学会で学術発表を行いました。今日は、その中から日本知財学会で発表した「OSSコンプライアンスに関するスキル標準のフレームワーク(全体マップ)」について紹介しようと思います。(研究・イノベーション学会で行った発表に関しては、12/21の記事で土手さんから紹介いただく予定です)
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
Yoshitaka Iwata of Hitachi, Ltd. will be on duty for the Advent calendar on December 8th. I am the leader of the “Educational Materials for Role” SWG of the Open Chain Japan WG. Thank you in advance. By the way, what are you careful about when using OSS? Also, what kind of structure and content will you use when conducting education for using OSS within the company or team? What should software developers know to use OSS need? In order to answer these questions, I decided to think about what kind of educational materials would be good for each role related to OSS. The following content is, of course, based on the Open Chain specifications and curriculum.
Collection and analysis of education cases It seems that some companies have been educating on OSS even before the establishment of Open Chain. Therefore, we investigated the system, target member, form (lectures, group training, e-learning, material browsing, etc.), timing, and the existence of the English version of four companies. We analyzed the table of contents of each education and the outline of chapters / sections, and summarized the structure for software developers. The structure example is as follows. (1) What is OSS? (2) Intellectual property rights (3) OSS license (4) OSS compliance program (5) Examination when introducing OSS (6) OSS review (7) OSS distribution (8) Summary (9) Contact information (10) References / organizations First of all, we targeted software developers because we thought that software developers would be the first to use OSS internally or within a team.
Development of examples of specific educational materials Actually specific examples of educational materials for software developers were examined by the “Educational materials for Role” SWG. (1) What is OSS? Considering software developers who have never used OSS, how about telling them about general OSS definitions, usage examples of OSS in the target business (different for each business targeted by the company or team), the advantages and disadvantages of using OSS, and others? (2) Intellectual property rights In particular, intellectual property rights related to OSS include copyrights and patent rights. Since OSS is software, each OSS is copyrighted. Copyright means the right to modify, distribute, and copy. I hope you can explain these things in an easy-to-understand manner. (3) OSS license Why don’t you explain copyright rights obtained by the OSS license compliance(in other words, it is necessary to protect the OSS license in order to modify, distribute), examples of OSS licenses, permissive OSS licenses, copyleft and reciprocal OSS licenses, etc? (4) OSS compliance program The Open Chain specification recommends creating an OSS compliance program consisting of policies, processes, training, tools, etc. First, let’s share the policy for using OSS within the company and within the team. (The policy may differ depending on the use cases of target businesses.) Next, let’s show the organization related to OSS and the role of each member related to OSS. Then explain how OSS-related processes (OSS listing, OSS review, OSS distribution review) are incorporated into our software development process. (5) Examination at the time of introduction Let’s explain the points to be noted in the characteristics of the license and the points to be noted regarding intellectual property rights (patent rights, etc.). (6) OSS review Let’s explain the information collected in the OSS review, the content of the review, the available tools, and others. (7) OSS distribution Let’s explain what precess will be applied to distribute OSS in the target business form, including examples. Also, explain the implications of improper use of OSS and lack of license information in the software supply chain. (8) Summary (9) Contact information (10) References / organizations I think that (9) to (10) are effective for deepening the understanding of OSS within the company and the team.
Then, especially if (2) and (3) are explained to software by using analogy to legal terms that are common within the company and within the team, software developers will understand more easily. Also, in (4) to (7), if you explain by applying it to the system within the company or team and the software development process actually used, I think that you can deepen the understanding of software developers. Please devise.
Tomorrow, tech_nomad_ will talk by the title “Framework for Skill Standards on OSS Compliance”. Among the roles related to the use of OSS, what kind of skills each person in each role should have is a difficult theme, isn’t it? I am also very interested in this theme and am looking forward to it.
12月8日のアドベントカレンダを担当するのは、株式会社 日立製作所の岩田です。Open Chain Japan WGの「役割ごとの教育資料」SWGのリーダを担当しています。宜しくお願いします。 さて、皆さんはOSSを利用する上で、一体何に気を付けていますか。又、社内やチーム内でOSSを利用するための教育を行う場合、どんな構成、内容にするでしょう。OSSを利用するソフトウェア開発者は、どんな事を知っておけば良いのでしょう。こんな疑問に答えるために、OSSに関係する役割ごとにどんな教育資料が良いかを、考えてみる事にしました。下記内容は、もちろんOpen Chainの仕様やカリキュラムを参考にしています。
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
In this Advent Calender, we will use 7 of 25 articles to introduce the OpenChain Spec v2.1 draft rc3, which is equivalent to ISO/IEC PRF 5280, an international standard being developed. This is just an introduction to give you an idea of what OpenChain is all about, so if you want to know more about it, please read the actual standard. If you want to know more about it, please read the actual standard.
1.1 Policy
Chapter 1.1 is about OSS policies. It does not specify what should be included in the OSS policy, which will be covered in the next chapter.
1.2 Competence
Chapter 1.2 is a section on defining roles within the organization. The organization needs to define the roles and responsibilities and suitability of the personnel who will deliver OSS compliance and keep the results of their suitability assessment.
1.3 Awareness.
Chapter 1.3 is the chapter on education. Organizations need to educate staff involved in OSS compliance operations about OSS policies, the purpose and contribution of OSS utilization, and the consequences of non-compliance, and keep evidence of the education results.
Tomorrow, as a topic related to chapter 1.3, Mr. Iwata from Education SG will introduce the activity to share the materials which can be used for internal training among companies.
OpenChain Japan Advent Calendar 2020、本日の記事執筆を担当する山田です。IPTech特許業務法人というIT領域に特化した特許事務所で勤務しています。あと、副業として、テック系のライターもしています
IT領域で仕事をする上でOSSの知識が不可欠だなと思うようになり、2019年夏ころからOpenChainの活動に参加し始めました。現在は、主にPromotion SWG(Sub Working Group)で活動しており、OpenChainやOSSコンプライアンスに関する情報発信や昨日遠藤さんから紹介があったOSSコンプライアンスについての研究活動等の取り組みをしています。
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
1. Introduction
Hello. I’m Masato ENDO.
At first, I’d like to introduce myself again, I’m OpenChain Project Automotive Chair and Japan Work Group Promotion Sub Group Leader. Recently, I became group manager of business planning and system development in my company. Now, I’m studying agile development agile development
My hobbies are traveling, watching sports (especially soccer), and gadgets. I planned to get a PS5 and a Galaxy Note20 Ultra this winter. However, I could not get them. After all, I bought the iPhone12 pro max because I was attracted to Pacific Blue and camera performance. Recently, I’m wondering if I should buy ASTRO CITY mini. If the software for the ST-V board and MODEL2 board was included, I bought it without hesitation.
Today, I would like to share the progress of OSS compliance governance construction of each company. Last week we gave you an overview of the OpenChain standard. I think everyone is most concerned about “How far are other companies actually doing?” Japan WG conducted a survey to answer such questions. So, I will share the survey outline.
2. Summary of the Survey
As introduced last year at OpenChain Japan WG Promotion SG, we have been raising awareness of the importance of OSS compliance with various partners such as the companies, government, media, and community. Meanwhile, in 2020, we launched a research team on OSS compliance in collaboration with the academic community. First of all, since it is important to grasp the situation, we conducted a questionnaire for domestic and foreign companies. We received responses from 59 companies. The attributes of the respondents are as follows. In order to clarify the progress of each company, we have summarized the items related to each item of OpenChain Spec 2.0, which is almost the same as the ISO standard. The report can be downloaded from GitHub, so this time I will introduce the essence.
3. Summary of the result
First, let’s take a look at the items that are relatively being developed by each company among the items of OpenChain Spec 2.0.
Sec1.1 requires that documented OSS policies be disseminated internally. We found that 83% of the surveyed subjects had some form of OSS policy.
Next, let’s look at the items that each company is struggling with.
The graph above is for budget items, and the same tendency can be seen for securing personnel. Analyzing these, we can see that although the importance of OSS compliance has begun to be recognized and rules such as policies are being created, resources are not yet fully allocated.
Finally, let’s take a look at the whole summary slide.
Looking at the whole thing, we can see that in addition to resources, there are also issues related to contributions. We plan to introduce contributions in detail later this month. In any case, all items must be satisfied in order to obtain ISO standard certification. OpenChain will continue to provide information that will support the acquisition of certification by each company.
4.Tomorrow’s theme is …
From tomorrow, we will finally start introducing the contents of the ISO standard. At first, Mr. Yamada will introduce chapters 1.1 to 1.3. Looking forward to!
1. はじめに
こんにちは。 一昨日に続いての登場の遠藤です。
改めて自己紹介させて頂きますが、 OpenChainでは、本Advent Calendarを企画しているJapan WG Promotion SGのリーダーや グローバルではAutomotive Chairを務めさせて頂いています。 本業ではデータビジネス関係の企画・開発を行うチームのマネージャーに最近なりました。 アジャイル開発を勉強して、スクラムマスターの資格(LSM)をとったところです。
趣味は旅行、ガジェット、スポーツ観戦(主にサッカー)です。 今冬は、PS5とGalaxy Note20 Ultraをゲット予定でしたが、 前者は購入できず、後者は楽天からSIMフリーバージョンがなかなか発表されなかっため、 結局パシフィックブルーとカメラ性能に惹かれてiPhone12 Pro Maxを買っちゃいました。 最近はアストロシティミニを購入すべきか悩み中です。 世代的にST-V基板やMODEL2基板のソフトが入っていれば即買いだったんですが。
さて、本日は各企業のOSSコンプラ体制構築進捗状況について共有させて頂きます。 先週一週間でOpenChain標準の概要を説明させていただいたのですが、 皆さん一番気になるのが「他社は実際どこまでやってるの?」ということかなと思います。 Japan WGでは今年そのような疑問に答える調査を行いましたので、調査概要をシェアさせて頂きます。
2. 調査概要
OpenChain Japan WG Promotion SGでは昨年も紹介したように コミュニティ、企業、政府、メディアなど様々なパートナーとOSSコンプラの重要性の啓発を行ってきました。 そんな中、2020年は学術界と連携し、OSSコンプライアンスについての研究チームを立ち上げました。 まずは、状況把握が重要ということで、国内外企業向けのアンケートを実施し、 59社から回答を得ました。回答者の属性は以下のようになります。 その中で、各社の進捗状況を明らかにするためにアンケート結果の中から ISO標準とほぼ同じものであるOpenChain Spec2.0の各項目に関連する項目をまとめました。 レポートはGitHubからDLできますので、今回はエッセンスをご紹介いたします。
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
It’s a little off the topic of ISOization of OpenChain, but this week we had a big event such as Open Compliance Summit on 12/1 and Open Source Summit Japan on 12/2-4. So I will report them here.
What is the Open Compliance Summit?
The Open Compliance Summit is an annual event held in Japan at this time of year. As the name implies, it is a place to discuss OSS compliance. To join this event, you must be a member of the Linux Foundation or invited. Chatham House rules apply, so you can expect a deeper discucssion. This year, due to COVID-19, it was held online.
Content this year
Of course, the biggest event in 2020 related to compliance is ISOization of OpenChain 2.1. It was also introduced that SPDX is also working toward ISOization. For 2021, it is said that “visualization has became possible, so optimization will be in turn” due to ISOization. Based on that trend, I have the impression that there were many announcements about compliance tools. The biggest thing for me is that I learned that the famous copyright troll was involved in PostgreSQL last year. So he is mentioned in Acknowledgments for Release 12. Oh, that means my name is written alongside his name…
What is Open Source Summit Japan?
Open Source Summit Japan is an event held in Japan from the end of spring to the beginning of summer every year. This is a place to discuss OSS widely, not limited to compliance. This year was scheduled for a different time than usual because it overlaps with the Olympics, but due to COVID-19, it was held online at this time.
Content this year
1st day
In the keynote speech it was said that OSS was well going in 2020, despite the pandemic and trade conflicts. On the contrary, OSS is also used to combat pandemic. (This is also true of Tokyo’s stopcovid19 site, isn’t it?) Next, Automotive Grade Linux UCB version 10.0 was introduced. I’m not very familiar with cars, so I can’t write any more, but the next version is nicknamed Kooky Koi. I don’t know what Kooky means, but Koi is a carp in Japanese. It was also introduced that Linux is used in the supercomputer FUGAKU.
2nd day
LF Energy was mentioned in the keynote speech, and the LF Energy Mini Summit was held after the keynote speech. There was also a session about LF Edge. It seems that neither LF Energy nor LF Edge is one OSS name, so although the name of the conference says “open source”, I feel that the scope of this summit has expanded considerably.
3rd day
RISC-V was mentioned in the keynote speech, and there was also a session dealing with RISC-V. (Although it happened on other days.) RISC-V is open hardware, so it’s already beyond the scope of “open source”. I was also impressed that the times have changed when a person from Microsoft talked about embedded systems at such Linux-related meetings.
Tomorrow’s theme is …
Everyone might be wondering, “How are other companies working on OSS license compliance activities?” The OpenChain Japan WG conducted a survey to answer such questions and compiled it as a treatise. Tomorrow, one of the authors of the treatise, Endo-san, will talk about the survey results. I hope you all will enjoy it.
Open Compliance Summitは、毎年この時期に日本で開催されているイベントです。名前の通りOSSのコンプライアンスについて議論する場です。Linux Foundationのメンバーだったり招待してもらったりしないと参加できません。チャタムハウスルールが適用されますし、その分濃密な話を期待して良いです。今年は新型コロナの影響でオンラインでの開催になりました。
Open Source Summit Japanとは毎年春の終わりから夏の初め辺りに日本で開催されているイベントです。こちらはコンプライアンスに限定せずOSSについて広く議論する場です。今年はオリンピックと重なるのでそもそもいつもと違う時期に予定されていましたが、新型コロナの影響でこの時期にオンラインでの開催になりました。
今年の内容
1日目
基調講演では最初に、2020年は感染爆発や貿易摩擦などがあった中、OSSは上手くやってきた、という話がありました。それどころか、感染爆発と闘うのにもOSSが使われているそうです。(皆さんの身近なところでは東京都の新型コロナウイルス感染症対策サイトもそうですよね。) 次にAutomotive Grade Linux UCB バージョン10.0の紹介がありました。自動車にはあまり詳しくないので、これ以上は書けませんが、次のバージョンの愛称がKooky Koiだそうです。Kookyの意味は分かりませんが、Koiは鯉のことです。 また、スーパーコンピューター富岳でLinuxが使われていることも紹介されました。
「他の会社ではOSSライセンスのコンプライアンス活動にどう取り組んでいるのだろう」というのは皆さんもとても気になることではないでしょうか。OpenChain Japan WGではそのような疑問に答える調査を行ない、論文としてまとめました。明日はその論文の著者の一人である遠藤さんが調査結果について書きます。楽しみにしていてください。
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
1.Introduction
Hello, this is Endo who is Promotion SG leader and Automotive Chair of OpenChain. Shane is the main of the article, so I will introduce myself on another occasion.
This year’s Advent Calendar theme is OpenChain Spec ISO. So, today, I received a message in Q & A format from Shane, who is a General manager of OpenChain, Please enjoy it.
2.Message from Shane
Q: Congratulations on ISO conversion of OpenChain Spec!! Please tell us your frank impressions.
A:Open source compliance has existed as long as open source. However, until OpenChain there was no single, objective standard for high quality compliance. People and companies did their best and often did a good job, but they were working in isolation. The global supply chain is interconnected and companies depend on each other. It was necessary to create one clear way to do compliance properly. OpenChain proved this could be done with a short and easy to understand specification.
Now, after almost five years in the market, OpenChain has changed from a widely-used industry standard into a formal ISO International Standard. This means that it is much easier to include in sales and procurement discussions, especially in industries that are not familiar with open source or in managing open source licenses. I believe that OpenChain as an ISO standard has permanently changed corporate use of open source. Over time every company using open source to make products and solutions will be using our ISO standard. I expect it to become as common as ISO 9001 or 14001.
My frank impression is that this ISO standard will allow open source to become a comfortable, trusted choice for any product or solution containing software. It will help make the supply chain more efficient. It will save many millions of dollars in resource management and issue resolution. The impact will be huge.
Q: Please tell us how the community decided to create Spec.
A: In 2015 it was clear that open source was very successful. It had existed in the market for about two decades, but especially in the time period between 2005 and 2015 it became ubiquitous. Open source was in everything from our data centers to our mobile phones to our air conditioners.
The impact of the technology was amazing. However, there was one area which remained a significant challenge. In complex supply chains it was quite difficult to pass open source between companies and to consistently, reliably meet the requirements of open source licenses. This was not due to any ill-intent, but because each company was solving open source compliance in their own way, and a supply chain with 20 or 30 companies meant a lot of variables and differences in license management. Errors would often occur.
OpenChain was born out of the idea of making a single, clear and resource effective way to manage open source in organizations and in a repeatable manner across the supply chain. It was built to provide consistency and to increase trust in supply chains, one company at a time. In other words, it was designed to specifically solve real world problems using the best real world solutions.
Q: What is the OpenChain Spec concept, philosophy?
A: OpenChain defines the key requirements of a quality open source compliance program. Every company using OpenChain can therefore be trusted more than companies using bespoke solutions. OpenChain is carefully designed to be as simple as possible and as agnostic as possible so that companies of all sizes and in all markets can use it. OpenChain distills thousands of human-hours of experience from across hundreds of companies into a seven page standard. It is designed to be the simplest, most elegant solution possible.
Q: I think that many people will meet OpenChain Spec as a result of becoming ISO. If you have a message for such people,
A:Open source provides access to billions of dollars of third-party code. There are some clear, reasonable conditions described in open source licenses. Just like any intellectual property, we need to follow the licenses. However, in the past identifying the best processes to do this was challenging. There were few lawyers, project leaders and engineers who had detailed knowledge about open source licenses. Sometimes information in the public domain, such as on websites, suggested different terms or intentions. The missing part was a clear, simple, reliable and efficient process approach for doing open source compliance. OpenChain changes this. You can adopt the ISO standard or OpenChain 2.1 and know that you have a quality open source compliance program. Today any company in the world can go to www.openchainproject.org and find the International Standard for open source compliance, supporting reference material, free self-certification support, and – if they need it – third-party service providers. No matter who you are, you can build out the same process approach as Microsoft or Qualcomm or Hitachi or Toyota in a way that suits your available resources. This is a remarkable change in the market. If you are a supplier, this is a way to show that you have quality intellectual property management in this space. If you are a customer, this is a way to ensure your procurement includes quality open source compliance. Join us in helping thousands of companies do even better with open source.
3.Tomorrow’s theme is …
Many events related to OpenChain were held at the Linux Foundation Summits this week. Tomorrow, Koizumi-san will introduce these events’ summary . Looking forward to!
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
International Standardization of OpenChain specification
Hi, I’m Tadayuki Osaki, OSS compliance specialist working for Fujitsu Limited and involved in Open Source Software (OSS) license compliance.
In this article, I briefly introduce the international standardization of OpenChain specification.
From specification to standard
As introduced in Ayumi Watanabe’s first day article, OpenChain specification defines requirements for an organization to establish OSS compliance, and is coordinated by the OpenChain project under the Linux Foundation.
Under the Linux Foundation, there are projects to develop software (code) and to standardize specifications (specification/spec.), for a total of 187 projects as of December 2, 2020.
The figure above plots Linux Foundation projects into two categories: project configuration (Single / umbrella) and project subject (Software (code)/Specification).
The OpenChain project, with its logo at the bottom left of the diagram, is designed to create and standardize specifications, as are the OpenAPI initiative (API standardization) and the Open Container Initiative (Container formatting and runtime standardization).
What is International Standardization?
An international standard is a standard established by international standards organizations. Each member country of the WTO is required to conform its domestic standard to the international standard*, as required by WTO TBT Agreement. By international standardizing a specification, it can be developed and promoted to the domestic standard of each country. *only for international standards enacted by a specified international standards organizations, such as ISO, IEC, and ITU.
In the field of information technology (IT), ISO/IEC JTC1 (First Joint Technical Committee of ISO and IEC), an international standards organization independent from ISO and IEC, handles international standardization of the technical area.
OpenChain specification will be published as an international standard by the end of December, as stated in the second day article by Ayumi Watanabe, after going through the process of international standardization in ISO/IEC JTC1.
It should be noted that the content of documents relating to ISO procedures does not necessarily apply to the procedures of ISO/IEC JTC1, as the details of the procedures differ among international standardization bodies.
Flow of international standardization of OpenChain specification
The flow of the OpenChain specification up to its establishment as an international standard by ISO/IEC JTC1 is shown in the following diagram.
Specifically, the following two steps were taken.
Approved as the PAS submitter for ISO/IEC JTC1 by the Joint Development Foundation (JDF) under the Linux Foundation (May 2015).
As a result, the Linux Foundation is now able to apply to ISO/IEC JTC1 through its own JDF for open specifications (PAS; Publicly Available Specification).
JDF conducts procedures for international standardization of the OpenChain specification to ISO/IEC JTC1. PAS Application Procedures (PAS submission)
Conversion Procedure from PAS Application to International Standard Application (PAS transposition process)
Voting by national bodies (National Bodies) of JTC1 on the International Standard Draft (DIS) (2020/09: approved)
Published as an international standard (publish): 2020/12 planned
Way forward
The international standardization of the OpenChain specification is a big step toward the OpenChain Project’s goal of “Enabling a software supply chain where OSS is delivered with reliable and consistent compliance information”. In the future, the OpenChain Project will promote initiatives such as encouraging countries to establish domestic standards in response to the internationally standardized OpenChain specifications.
Tomorrow’s theme is…
Tomorrow is a message from Shane, General Manager of the OpenChain Project.
