
Thursday, September 22, 2016

FOSS license compatibilities

Free and open-source software (FOSS) has assisted in the spread of emerging technologies, allowing users to freely use publicly available software and developers to incorporate third-party source code into their implementations. As the number of components in a software system increases, so does the complexity of deciding which license(s) can be applied to the final system, and of checking whether there are any incompatibilities among the terms of the licenses adopted by the different components.
Formal lists of licenses are published by the Open Source Initiative (OSI) and the Free Software Foundation (FSF). A larger license list is maintained by the Software Package Data Exchange (SPDX).

The variety of open source licenses makes it difficult for organizations to cope with incompatibilities that might exist due to the use of software libraries based on different licenses. License A is considered one-way ‘compatible’ with license B if software that contains components under both licenses can be licensed under license B. The term ‘one-way’ is used to highlight that license A is compatible with license B, but the reverse case (i.e., license B is compatible with license A) is not assured.

A general rule of compatibility is that old versions of a license are compatible with newer version(s) of the same license, but the reverse is not true. The plus (+) sign used in some licenses means that we are referring to the indicated version of the license or any later version.

The graph shown below indicates compatibility, or lack of it, through two different types of edges: compatibility edges and incompatibility edges. The graph covers the main license families, i.e., Apache, BSD, MPL, LGPL, GPL, AGPL.

The details of the graph creation can be found in a relevant research publication:
  • Georgia M. Kapitsaki, Nikolaos D. Tselikas, Ioannis E. Foukarakis: An insight into license tools for open source software systems. Journal of Systems and Software 102: 72-87 (2015)
You can also find a previous graph, created by David A. Wheeler, in the Free-Libre / Open Source Software (FLOSS) License Slide.
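As an added example (not code from this post, the cited paper or Wheeler's slide), the one-way compatibility relation described above can be modelled as a directed graph and queried by reachability. The edge set is a small constructed subset assumed for illustration, compatibility is assumed to be transitive along edges, and all function names are hypothetical.

```python
from collections import deque

# Constructed, illustrative subset of one-way compatibility edges.
# "A": {"B"} means code under A may be combined into a work licensed under B.
# Assumption for this example only; not the graph from the cited paper.
COMPATIBLE_INTO = {
    "MIT": {"BSD-3-Clause"},
    "BSD-3-Clause": {"Apache-2.0", "LGPL-2.1"},
    "Apache-2.0": {"LGPL-3.0"},
    "LGPL-2.1": {"LGPL-2.1+", "GPL-2.0"},
    "LGPL-2.1+": {"LGPL-3.0", "GPL-2.0+"},   # "+" = this version or later
    "LGPL-3.0": {"GPL-3.0"},
    "GPL-2.0+": {"GPL-2.0", "GPL-3.0"},
    "GPL-3.0": {"AGPL-3.0"},
}


def reachable(license_id):
    """Licenses that license_id can flow into, itself included (BFS)."""
    seen, queue = {license_id}, deque([license_id])
    while queue:
        for nxt in COMPATIBLE_INTO.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def candidate_outbound_licenses(component_licenses):
    """Licenses under which every listed component could be combined."""
    sets = [reachable(lic) for lic in component_licenses]
    return set.intersection(*sets) if sets else set()


def conflicts(component_licenses, target):
    """Component licenses with no compatibility path to the target license."""
    return sorted(lic for lic in set(component_licenses)
                  if target not in reachable(lic))


if __name__ == "__main__":
    deps = ["MIT", "Apache-2.0", "LGPL-2.1+"]          # constructed inventory
    print(sorted(candidate_outbound_licenses(deps)))
    print(conflicts(["MIT", "Apache-2.0", "GPL-2.0"], "GPL-3.0"))
```

A GPL-2.0 component without the "+" is reported as a conflict for a GPL-3.0 target, while GPL-2.0+ is not, which is the version rule from the paragraph above.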

The above information is an indication of compatibility, but for detailed legal advice legal experts need to be consulted.

Thursday, March 14, 2013

Open source XACML implementations

I am looking into using eXtensible Access Control Markup Language (XACML). XACML is an OASIS standard implementing Role-Based Access Control (RBAC). It captures RBAC policies and specifies a number of architectural entities that can be used for policy definition, control and enforcement.

There are a number of open-source implementations of XACML. They are listed below; all of them are Java-based:

Programming language
XACML version supported
Latest version

Last updated
XACML 1.x and 2.0 (core features)
Seems not to be updated any more
XACML  1.0, 2.0 and 3.0
based on Sun's XACML Implementation



Java (Axis2 WS)
implements PDP and PAP

Saturday, June 9, 2012

Categories of OSI-approved open source licenses (last update: Apr. 10th, 2014)

Open source licenses are widely used in Free Open Source Software (FOSS). Some licenses are far more popular and widely used than others. The main categories mentioned for FOSS licenses are permissive, weak copyleft and strong copyleft licenses. However, neither the Open Source Initiative (OSI) nor the Free Software Foundation (FSF) presents its approved licenses grouped into these categories. For permissive licenses, a list can be found among the ones approved by the Copyfree initiative.

It is helpful to see which of these three categories each license belongs to. I present in this post the licenses that have been approved by OSI. Please bear in mind that some licenses have properties that keep them from being 100% free licenses and from belonging unambiguously to the permissive or copyleft categories. Some licenses are closer in meaning to proprietary licenses without the commercial feature, i.e., they cannot be employed for commercial software. Still, characterizing a license as permissive or not makes sense with respect to the restrictions imposed on its potential use.

I am listing in this post the licenses that can currently be found in the OSI-approved license list. Since OSI and FSF follow different procedures for license approval, not all licenses appear in both organizations' lists. Note that the license list in OSI also features a license that has been deprecated by its owner: Historical Permission Notice and Disclaimer (HPND). Any comments are welcome.

Permissive:
Apache License v. 2.0
Boost Software License (BSL-1.0)
BSD 3-Clause "New" or "Revised"
BSD 3-Clause "Simplified" or "FreeBSD"
MIT license (MIT)
Academic Free License ("AFL") v. 3.0
Attribution Assurance Licenses (AAL)
EU DataGrid Software License (EUDatagrid)
Educational Community License, Version 2.0 (ECL-2.0)
Eiffel Forum License V2.0 (EFL-2.0)
Entessa Public License Version. 1.0
Fair License
ISC License (ISC)
Lucent Public License Version 1.02
MirOS Licence
MIT license (MIT)
Multics License
Naumen Public License (Naumen)
NTP License (NTP)
Open Group Test Suite License (OGTSL)
PHP License 3.0 (PHP-3.0)
PostgreSQL License (PostgreSQL)
Python License (Python-2.0)
CNRI Python license (CNRI-Python)
University of Illinois/NCSA Open Source License (NCSA)
Vovida Software License v. 1.0 (VSL-1.0)
W3C License (W3C)
X.Net License (Xnet)
Zope Public License 2.0 (ZPL-2.0)
zlib/libpng license (Zlib)

Weak copyleft:
Adaptive Public License v. 1.0
Apple Public Source License (APSL-2.0)
Artistic license v. 2.0
Common Development and Distribution License 1.0 (CDDL-1.0)
Computer Associates Trusted Open Source License 1.1 (CATOSL-1.1)
CUA Office Public License Version 1.0 (CUA-OPL-1.0)
Eclipse Public License 1.0 (EPL-1.0)
GNU Library or "Lesser" General Public License version 2.1 (LGPL-2.1)
GNU Library or "Lesser" General Public License version 3.0 (LGPL-3.0)
Microsoft Public License (Ms-PL)
Microsoft Reciprocal License (Ms-RL)
Motosoto License (Motosoto)
Mozilla Public License 2.0 (MPL-2.0)
NASA Open Source Agreement 1.3 (NASA 1.3)
Nokia Open Source License (Nokia)
Ricoh Source Code Public License (RSCPL)
Sun Public License 1.0 (SPL-1.0)
Sybase Open Watcom Public License 1.0 (Watcom-1.0)
wxWindows Library License (WXwindows)

Strong copyleft:
CeCILL License 2.1 (CECILL-2.1)
Common Public Attribution License 1.0 (CPAL-1.0)
European Union Public License, Version 1.1 (EUPL-1.1)
Frameworx License (Frameworx-1.0)
GNU Affero General Public License v3 (AGPL-3.0)
GNU General Public License version 2.0 (GPL-2.0)
GNU General Public License version 3.0 (GPL-3.0)
IBM Public License 1.0 (IPL-1.0)
IPA Font License (IPA)
Nethack General Public License (NGPL)
Non-Profit Open Software License version 3.0 (NPOSL-3.0)
Open Font License 1.1 (OFL 1.1)
Open Software License 3.0 (OSL-3.0)
Reciprocal Public License 1.5 (RPL-1.5)
Simple Public License 2.0 (SimPL-2.0)
Sleepycat License (Sleepycat)

Uncategorized:
LaTeX Project Public License 1.3c (LPPL-1.3c)
OCLC Research Public License 2.0 (OCLC-2.0)
Q Public License (QPL-1.0)
RealNetworks Public Source License V1.0 (RPSL-1.0)

Monday, March 12, 2012

Constructors and inheritance in Java

While methods of the superclass are inherited by the subclass, this is not the case with constructors.
Constructors are never inherited in Java. If you do not define a constructor for a class that extends another
class with one or more constructors defined, a default constructor will be generated for the subclass.
However, what you can do is call the constructor of the superclass from the subclass (using super).

For instance, you cannot do the following:
class Nature {

  String name;

  Nature () {
  }

  Nature (String name) {
    this.name = name;
  }
}

class Tree extends Nature {

  /* No constructor defined for this class.
  The compiler generates the default constructor
  with zero arguments    */
}

class Pinetree extends Tree {

  Pinetree (String name) {
    // ERROR: Cannot do this, because Tree declares no Tree(String) constructor
    // super(name);
  }
}