AOL oscar documentation revisited

[Mark Doliner]

A few months ago AOL released some documentation[1] for the OSCAR
protocol.  We asked our lawyer about this at the time and the original
assessment was that we could not use the documentation because it
violates our license because it places additional restrictions upon
the software over what is required by the GPL.

I would like to be able to use this documentation for a few reasons:

* I think it would allow us to make our code a little more reliable by
removing some of the guesses we've made about the way things work.
One specific thing I have in mind is buddy icon setting and
fetching--I'm not sure we're doing things quite right.

* The documentation also describes the new authentication procedure
used by AIM (and other AOL properties).  This authentication procedure
provides single sign on, which I think means we'll be able to log
people into AOL mail automatically, for example.

* The new login procedure will hopefully be more reliable.  Right now
some people occasionally have sporadic weird problems related to
resolving login.oscar.aol.com/login.messaging.aol.com.  I feel like
these problems only manifest themselves when using the old login
procedure.  See Pidgin ticket #2839, #2892 and #6008.

* AOL is moving away from our current authentication method, and I
think it would be good to have a backup plan on the remote chance that
they decide to turn off login.oscar.aol.com.

* The new login procedure would provide encrypted login for ICQ.  We
could accomplish the same thing by changing ICQ to use the MD5 login,
but the last time we did this we had some complaints that people could
no longer connect.

And so, I've been digging into this trying to find out exactly what
problems there are with us using the documentation.  I've spoken with
our lawyer at the Software Freedom Law Center, with a lawyer
representing Meebo, and with two well-informed non-lawyers at AOL.

We obviously can't use any sample code provided by AOL, and we
obviously can't use any libraries provided by AOL.  I'm only
interested in using the documentation.

The important text from the top of their documentation reads:
"Regardless of whether you write your own library or use an existing
library, you must agree to and follow the Open AIM Platform Developer
Agreement and Terms of Service[2] in order to use the AIM API. You may
use this documentation of the OSCAR protocol to develop, test, and
deploy your own instant messaging client and you may release that
client under an open source or a proprietary license."

The blurb about agreeing to the Platform Developer Agreement and Terms
of Service is scary, but it's important to note that they're talking
about Terms of Service and NOT a license.  The Terms of Service apply
to the human who uses the documentation and NOT to the software
created using that documentation.  Which I think means that the Terms
of Service doesn't affect the software's license in any way.

Consider the scenario where you create a client that speaks oscar, but
you use that client to connect to an open-source oscar server (i.e.
not something run by AOL).

I'm also under the impression that our client is supposed to be
adhering to AOL's Terms of Service regardless of whether we use their
documentation.  So I don't think using the documentation changes our
position very much.

I'm interested in hearing other people's take on this issue.

-Mark

[1] http://dev.aol.com/aim/oscar
[2] http://dev.aol.com/aim/license