Internet of Things: Role of Free and Open Source Software Mark Radcliffe, Partner, DLA Piper Mark O Conor, Partner, DLA Piper Ian Skerrett, Eclipse Foundation Mike Dolan, Linux Foundation (Allseen Alliance)
Global platform Largest law firm in the world, based in 31 countries and 77 offices throughout the Americas, Asia Pacific, Europe and the Middle East More than 145 DLA Piper lawyers in IP transactions Global Open Source Practice More than 550 DLA Piper lawyers ranked as leaders in their fields Page 2
OSS practice Worldwide OSS Practice US practice led by two partners: Mark Radcliffe and Victoria Lee Experience Open sourcing Solaris operating system FOSS foundations OpenStack Foundation PrPL Foundation OpenSocial Open Source Initiative GPLv3 Drafting Committee Chair Drafting Project Harmony agreements Page 3
Linux Foundation and AllSeen Alliance The Linux Foundation is a 501(c)(6) nonprofit organization dedicated to enabling the Linux kernel community and protecting, defending and promoting the adoption of Linux and open source technologies that form the backbone infrastructure of society. The Linux Foundation hosts many Collaborative Projects that extend the successful practices of open source development into technology areas beyond the Linux kernel AllSeen Alliance is one of The Linux Foundation s Collaborative Projects. AllSeen is a 501(c)(6) nonprofit organization dedicated to enabling the widespread adoption of products, systems and services that support the Internet of Things through an open environment, vibrant ecosystem and thriving technical community based on the AllJoyn open source project. The Linux Foundation is a registered trademark of The Linux Foundation. AllSeen and AllSeen Alliance are trademarks of AllSeen Alliance, Inc. AllJoyn is a registered trademark of AllSeen Alliance, Inc. Page 4
Introduction to the Eclipse Foundation Nonprofit Open Source Foundation (5.01 c6), created in 2004 220+ members, including IBM, SAP, Google, SAP, Red Hat, Bosch, Cisco, Airbus 250 different open source projects 6-8 million users 22 staff members Page 5
World economic forum: IoT report The Industrial Internet will transform the basis of competition, requiring business leaders to shift from a focus on products and services to business outcomes. For the Industrial Internet to achieve its full potential, industry sectors will need to collaborate more closely with technology leaders and policy makers to put in place the standards and conditions required to encourage further investment. Paul Nanterme, Chairman and CEO of Accenture Page 6
AllSeen Alliance Introduction Mike Dolan, Senior Director of Strategic Programs The Linux Foundation Page 7
AllSeen Alliance the problem with the Internet of Things today A different app for every device Integration is difficult Devices can t interact locally, requires an internet connection for every device Cloud connections abound; are they all secure? Each with their own terms e.g. who owns the data? Rich user experiences (combinations) are difficult to build, if even possible Laundry Cloud Lighting C Cloud Security Camera Cloud Speaker B Cloud Lighting B Cloud Fridge Cloud TV Cloud NOW PLAYING: Artist: Flowers Song: Daisy Lighting C App Speaker B App Laundry App Lighting B App Fridge App Speaker A App TV App Lighting A App Lighting A Cloud Speaker A Cloud Security Camera App App Overload! Page 8
Ubiquitous connectivity promises to make devices smart But ONLY if they speak the same language hello world! 당신은 내 말 들려? Computing devices Consumer goods and appliances Tem alguém aí? Home hellworh e 100010101011 Auto Industrial Devices that can t connect across brands, categories, and operating systems will be left out No single company covers every segment, space and platform Page 9
AllSeen Alliance AllJoyn framework lets things work together hello! AllJoyn framework Computing devices Computing devices hello! AllJoyn framework Consumer goods Consumer and goods appliances and appliances hello! hello! hello! AllJoyn framework AllJoyn framework AllJoyn framework Home Home Auto Auto Industri al Industrial Page 10
Exposing smartphone APIs enabled new experiences that no one had ever thought of before GPS Microphone GPU Touchscreen DSP Accelerometer GYRO
The AllJoyn framework exposes the capabilities of connected devices in the much the same way A single protocol allowing products and apps to expose their capabilities and interact with other devices and apps Lock doors Displays Speakers Light bulbs Garage door Clocks Sensors Cool Pictures Heat Video TVs Drapes The AllJoyn software framework is a collaborative open source project of the AllSeen Alliance
AllJoyn enabled devices describe their capabilities via service interfaces on a virtual bus Page 13
AllJoyn s Gateway Agent provides remote access, management and privacy controls for all AllJoyn enabled devices and apps Page 14
The problems that AllJoyn solves in an interoperable way Discover nearby devices Identify services running on those devices Interoperate Adapt across OS, device to devices coming and manufacturer and going Control devices near and far Span diverse transports Manage remote and local Exchange information Secure against bad actors Page 15
AllSeen Alliance - 2014 Collaboration Scorecard Projects Contributions Jira Tickets 37 total projects 103 contributors 1,600 submitted 20 active 20+ companies 1,250 closed 7 new 4.1M SLoC changed since launch 330 open or in progress
Why the Internet of Things has to be open sourced Companies will win over Internet of Things not in the boardroom, but on the command line. The consortium that gets excellent code to market first, with a community that provides great documentation and an inviting atmosphere, will win. So far, only AllSeen has done that, with code available for download today. Matt Asay VP Mobile at Adobe, via readwrite.com 17
AllSeen Alliance over 170 members including 12 premier members + One more not yet announced Page 18
AllSeen Alliance Community members 2lemetry ADT Security Services Affinegy AT&T Digital Life Audio Partnership Beechwoods Software Beijing Winner Micro Electronics BLACKLOUD Bosch CA Engineering Canary Carvoyant Changhong Cirrent Cisco Cloud of Things CoCo Communications Connectuity ControlBEAM Covata D-Link Dawon dog hunter Domos Labs Elica S.p.A. Euronics EXO U Faber S.p.A. FengLian FirstBuild Fon ForgeRock Fortune Techgroup FreeWings Technologies GEO Semiconductor GeoPal Solutions Golgi Gowex Guangdong Pisen Electronics Harman Heaven Fresh Canada Helium Honeywell HOUZE Advanced Building Science HTC Hubble icontrol Networks igloo Software iinet Imagination Technologies Innopia Technologies INSTEON Inteno Broadband Technology AB IOOOTA ISI Technologies Kii Kitu Systems Legrand Group Lenovo LeTV LG Uplus Lhings LIFX LightFreq Lite-On Local Motors Lumen Cache M2Communication MachineShop MobilityLab LLC Modacom Musaic Muzzley NETGEAR Octoblu Organic Response Patavina Technologies People Power Company Personal Air Quality Systems (PAQS) Ping Identity Playtabase POWERTECH Quanta Computer Razer Red Bend Software Resin.io Sears Brand Mgmt..Corporation Seed Labs Shenzhen Fenglian Technology Co Page 19
AllSeen Alliance Community members continued Shenzhen H&T Home Online Network Technology Co Sproutling Symantec TCL Corporation Tellient The Sprosty Network Things.Expert ThroughTek Trend Micro Tuxera Two Bulls Umbrela Universal Devices Vedams VeriSign, Inc. Vestel Group Waygum.io Weaved Wireless Things WiSilica wot.io Page 20
Eclipse IoT Introduction Ian Skerrett Ian.Skerrett@eclipse.org @ianskerrett ECLIPSE IOT
Open Source IoT Building Blocks New and Existing Devices IoT Gateways Network/Wireless Services Backend Systems Open Source Technology to Connect and Manage Page 22
Eclipse Foundation: building blocks for open IoT stack IoT applications IoT solution frameworks - Home automation - SCADA - OM2M Connectivity - MQTT - CoAP - LWM2M IoT gateway services - Remote management - Application management Open and Commercial Hardware Page 23
Open standards Mosquitto CoAP Californium LWM2M Page 24
IoT frameworks IoT Gateway Framework Integration framework for home automation Integration framework for SCADA systems Page 25
Eclipse Foundation: commercial and open IoT ecosystem Open IoT Stack Page 26
Where software is hot, OSS is hot 63% 57% 53% 51% 49% 48% 46% 27% 26% 13% CLOUD/ VIRTUALIZATION CONTENT MGMT MOBILE SECURITY COLLABORATION NETWORK MGMT SOCIAL MEDIA 3D PRINTING ANALYTICS AND DRONES BUSINESS INTELLIGENCE 12% GAMING 10% ERP Page 27
OSS grows as % of code By 2016, at least 95% of IT organizations will leverage nontrivial elements of open-source software technology in their mission-critical IT portfolios, including cases where they might not be aware of it an increase from 75% in 2010. Source: Gartner, 2014 More %??? 30% 5% 2007 Source: Black Duck audit results 2012 2017 Source: IDC Survey of G2000 Page 28
Basic legal issues Intellectual property rights Copyright Protects works of authorship such as software, documentation, music and movies Exclusive rights Distribute Modify Reproduce Public display/public performance Patents Protects inventions, such as software, hardware and automobiles which are useful, non-obvious and novel Exclusive rights (negative right) Make Use Sell Page 29
Basic legal issues continued Trademarks Word, symbol, device, sound or smell which identifies a product as coming from a certain source and as being of a certain level of quality Prevent use of confusingly similar marks Examples: Linux, Apache (word), Apache (feather), OpenStack (word) Article II Sale of goods from airplanes to automobiles to software Warranties Express Implied Remedies: consequential damages Source of the funny language in licenses merchantability WEST\21689961v1 Page 30
Types of open source licenses: Restrictive, permissive, other Restrictive (aka Copyleft, reciprocal) Requires licensor to make improvements or enhancements available under same terms Example is the GPL: licensee must distribute work based on the program (derivative works) under the terms of the GPL Hybrid Requires licensor to make limited improvements or enhancements under the same terms Example is the MPL: licensee must distribute modified files under MPL Permissive Modifications/enhancements may remain proprietary Distribution in source code or object code permitted provided copyright notice and liability disclaimer are included and contributors names are not used to endorse products Examples: Berkeley Software Distribution (BSD), Apache Software License Miscellaneous: Other: Lucent, zlib/libpng Page 31
The GNU General Public License (GPL) GPLv2 first published in 1991 (final version of GPLv3 published 6/29/2007) Key Terms of GPLv2 Right of customers to modify and distribute modification under GPL Non-exclusive Obligation to distribute (can charge but not pass through this obligation) Any work based on the program is subject to GPL Must include source code No explicit patent license Automatic termination Page 32
The updated BSD License Copyright (c) <YEAR>, <OWNER> All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Page 33
Collaborative projects Eclipse Foundation Eclipse Paho - MQTT client libraries https://eclipse.org/paho/ Eclipse Kura - IoT gateway https://eclipse.org/kura/ Eclipse Leshan - Implementation of Lightweight M2M standard for device management Linux Foundation Allseen Alliance IoT platform https://allseenalliance.org/ IoTivity IoT Framework https://www.iotivity.org/ Mosaiq (March, 2015): ABB, Bosch, Cisco Joint Venture for smart home DeviceHive Alliance (May, 2015): Canonical, GE, Microsoft, DataArt, Acer for predictive maintenance for the Industrial IoT Page 34
Key Issues in using/joining OSS Project Culture of OSS Project Culture of company (particularly with respect to OSS contributions) Governance of OSS project Run by single person Run by single company Run by multiple companies Type of OSS license Copyleft Permissive Page 35
OSS as a competitive advantage Move your software project to a foundation to ensure community support and broader adoption Example: Alljoyn and Linux Foundation Use OSS as a base for commercial product (depends on type of license) with OSS developing necessary parts which do not provide commercial advantage Example: OpenStack Collaborations Mosaiq DeviceHive Alliance Provide code under OSS license and commercial license Example: MySQL Page 36
Supply chain: Mix of open source and other code OSS Projects End User Page 37
Components of an open source policy Published policy Created via cross functional team Organization is educated on the policy Open source process owner Keeps the wheels running Grant certain types of approvals Approval processes Component review and approval Sensitive to use: internal/external/products License review and approval Release plan review and approval Page 38
Components of an open source policy continued Monitoring and tracking process Component verification Security notifications Component upgrade notifications Application to contractors/outsource vendors Obligation verification process Ensure using approved components and Meeting the license and business obligations Current reporting for responsive due diligence request Page 39
Managing open source software Define criteria for approved software Licenses Use (internal/product/website) Sources Support Other Define criteria for unapproved software Scope of application: internal development, independent contractor, outsource vendors, M&A Define conditions for participating in the open source software development Employee education No compliance without education Page 40
Open source compliance Define how development teams and other functions Search, select, approve, track, validate, track and monitor Inbound approval processes Code from internal teams, external sources Outbound compliance processes Distributed code Create a baseline of your code Prioritize Perform code analysis Plan remediation Document the origins of the code base Determine all components and licenses in use Verify usage is approved Create a catalogue of approved components and licenses Validation processes Page 41
Conclusion OSS is expected, but governance is very important OSS critical for projects as large as IoT Large and small collaborative projects Making good choices with OSS means evaluating the license obligations in the context of the business model as well as the code Need to manage use of open source (other third-party code) Page 42
Presenters Mark Radcliffe, Partner, DLA Piper mark.radcliffe@dlapiper.com Mark.O Conor, Partner, DLA Piper mark.oconor@dlapiper.com Ian Skerrett, Eclipse Foundation ian.skerrett@eclipse.org Mike Dolan, Linux Foundation (Allseen Alliance) mdolan@linuxfoundation.org 43