Thursday, 29 October 2020

who owns the IPR?

Who owns IPR?

Easy answer, at least that what I though.  Well after a lot of research it seem that it isn't as cut and dry as it may first appear.

It all appears to heavily depend on two things, your contract and you employment definition.

For example, if you are employed as a cleaner and in passing you notice that the chairs used by software engineer could be improved by adding a bin to the arm of the chair.  You then go and build a prototype,  which the company then uses, pays for 1,000 of them to be built.  The cleaner is given a pat on the back and a new mop.  It would be easy to assume, he's working and employed by the company,  so the IPR belongs to the company.   And you would be wrong.  In all instances of creating something the IPR belongs to the individual who created it.  If employed, then the IPR transfers automatically only if the individual was employed specifically to design chairs, or there was a clause in the contract which states anything you develop whilst in employed belongs to the company.  

So the second part gets the company out of jail.  Yes and no.  If the cleaner had developed a new type of mop, then yes.  However,  the chair has nothing at all to do with his job.  His employment contract states he was employed as a cleaner and his duties stipulated his tasks.  So the IPR is his, and as such, the company has to agree a settlement to use the IPR.


There is a lot more to this, legal understanding of employment,  your duties etc.  But what the law does protect is the individuals rights, which cannot be override by catch all employment contract phrases such as "or what ever work or role we deem fit at the time".

Now move this to a seemingly less clear area.  You are employed to carry out data entry into a spreadsheet.   Your employment contract states your duties as compelling the data, maybe speaking to companies, sending forms etc.  However,  you have a keen interest in software development,  an in your own time you develope some code to make your task easier.  The company you work for, see this and passes it on to others in the company to use, in by doing so it save the company £100,000 per year.

The company has a software development team, a whole IT department etc. Who could have developed this.  They could have equally offered you employment within those departments seeing your potential.   However,  they choose to keep you on a low salaries data entry position. 

In this instance, you possess the IPR to the code, if you decided to take it to use in another job, it cannot be prevented.  However,  by allowing the company to use the code while you were employed there, it could be seen as your permission for them to continue to use it, unless you stipulate anywhere and at anytime, about any licencing restrictions.   These could.be free fair use while employed etc.

If you own the IPR, how much could you be paid for it? This is a fair question, and it's about worth.  How.much did it save the company, how much time did it take to develop and if you were asked by the company to make changes or update the code, in your own time.  You could quantify you time at a rate of £40 per hour, which would be an average.  If the company save £100,000 then anything from 1 to 5% would also seem fair.

To ensure when you write code and its not something you are employed to do, make your IPR case stronger by adding a license agreement. 



Friday, 7 August 2020

Deploying Angular .Net Core and Identity Server 4 onto iis

 

user is null when await this.userManager.signinCallback


Or at least that's where the problem started


To set the scene, I was using a vanilla .net core angular identity server 4 setup, to test what was happening.  So it's a good place to start to explain what was happening.

The Setup

I followed the step by step guide published here on the docs.microsoft.com site.  You would expect this to work.  To be fair, it does, in iis express or using the ng-serve command .

New Project

dotnet new angular -o pa2020 -au Individual

This gets us 90% of the way to a vanilla build.  However, to deploy onto a test server that has a certificate and running on port 443, we needed to add to the appSettings json file

"IdentityServer": { "Key": { "Type": "Store", "StoreName": "My", "StoreLocation": "CurrentUser", "Name": "CN=MyApplication" } }


Unbreakable - It Broke!

So simple, and you would expect it to work, and in iis express it does.  The error was

There was an error signing in: Error: (400)
at XMLHttpRequest.o.onload [as __zone_symbol__ON_PROPERTYload] (main-es2015.ae9ca0e58964647235f0.js:1)
at XMLHttpRequest.w (polyfills-es2015.5b10b8fd823b6392f1fd.js:1)
at a.invokeTask (polyfills-es2015.5b10b8fd823b6392f1fd.js:1)
at Object.onInvokeTask (main-es2015.ae9ca0e58964647235f0.js:1)
at a.invokeTask (polyfills-es2015.5b10b8fd823b6392f1fd.js:1)
at s.runTask (polyfills-es2015.5b10b8fd823b6392f1fd.js:1)
at c.invokeTask [as invoke] (polyfills-es2015.5b10b8fd823b6392f1fd.js:1)
at u (polyfills-es2015.5b10b8fd823b6392f1fd.js:1)
at XMLHttpRequest.p (polyfills-es2015.5b10b8fd823b6392f1fd.js:1)

But something strange, and it didn't look good.  The single page angular part was saying NOT LOGGED IN.  but click register, and the user is definitely authenticated, with access to the profile.

Debugging the code where this breaks lead me down several rabbit holes, one of which was the oidc-client setup.
Hidden way down in the depths of the authorize.service.ts line 113, the 
this.userManager.signinCallback(url); was throwing this error.  The usermanager was Observable which didn't help, neither was using fiddler to monitor the network.

The url and tokens were all as expected, even the routes were all good.  This is when I started to suspect the certificate - not sure what lead me to that, except somewhere in the back of my mind, years ago reading that IIS can sometimes decide refuse a call based on the certificate not being valid.

Certificates a plenty

I had a standard localhost certificate installed on my local box for iis testing, but as I also installed the wildcard certificate for pa2020 and set the hosts file to report to my local box, it mean I was ready to go.

I had published the to a local folder, again default settings, yet was getting the problem.  I decided to make the following changes.  However, only the combination of changes solved the isses.

1) consume the certificate at app startup
2) install the certificate outside of the iis system
3) Change App Pool identity, this bit was the missing glue;

Solution

This required changes to the code and to the IIS server

The certificate turned out to be partially the issue, so in the startup I added the following at the top of ConfigureServices
var cert = new X509Certificate2("my_private_key.pfx", Configuration["Authentication:Certificate:Pwd"]);

on the IIS Server I used certlm.msc to install the certificate

on the IIS Application Pool I changed the application pool identity from "ApplicationPool" to "NetworkService"

Now working as expected