[saml-dev] SAML IMPL ATTESTERS!! -- statements of awareness of IPRclaims are needed

[Jeff Hodges <Jeff.Hodges@sun.com>]

Hi, 

Karl Best has informed Joe & I that along with the (many, thank you) SAML
implementation attestations, that we need to have the attesting implementors
also state that they are AWARE that IPR claims have been made w.r.t. the SAML
specifications. [note that this *DOES NOT* mean that anyone is required to
state that they have "complied" with the claims].

**PLEASE**, if you sent a SAML implementation attestation message to the
security-services list, *SEND A FOLLOWUP MESSAGE* to the security-services list
stating that you're AWARE of the IPR claims made on the SAML spec. Please do
this BY TUESDAY 25-Jun-2002 (next week) -- the message is really short and
boilerplate is included immediately below. Both a pointer to the IPR claims
statement made on SAML by RSA, and a copy of the claims letter itself, are
attached at the end of this message for your convenience. 

Here's a good example, cited by Karl, of kind of followup message we're asking
you to send..

http://lists.oasis-open.org/archives/ebxml-cppa/200206/msg00031.html

Based on that example, here's boilerplate you may use in crafting your
message..

  Regarding the successful use statement made on <DATE> by <MYCOMPANY> 
  at <URL of original attestation messsage sent to security-services>, 
  <MYCOMPANY> would like to further note that it is aware of IPR claims 
  sent to OASIS concerning implementations of the OASIS SAML 1.0
  specification.


THANKS for your attention to this matter!!

Jeff & Joe
----------

RSAs IPR claims wrt SAML are located here..

Statement of intent from RSA regarding Intellectual Property Rights 
http://www.oasis-open.org/committees/security/rsa-ipr-statement-SAML3b-OASIS-2002-04-22.shtml

..and here is a copy for your reading convenience..

                        -------------------------------------

To: OASIS Executive Director

From: Margaret K. Seif, Senior Vice President and General Counsel, RSA Security
Inc. 

Date: April 22, 2002

Subject: IPR Letter of Intent

RSA Security Inc. ("RSA") is the assignee of U.S. Patent Nos. 6,085,320 and
6,189,098, both entitled "Client/Server Protocol for Proving Authenticity". 
RSA believes that these two patents (collectively, "the RSA Patents") may be
relevant to practicing certain operational modes of the OASIS Security
Assertion Markup Language (SAML) specifications.

In the interest of encouraging deployment of these technologies, RSA is willing
to grant non-exclusive, royalty-free licenses on a non-discriminatory basis
under the RSA Patents to make, use and sell products conforming to the SAML
specifications ("Licensed Products"), under a reciprocal arrangement where
licensees agree to grant RSA comparable royalty-free licenses under any patent
rights they may assert with respect to the SAML specifications. The reciprocity
of the licensing is limited to only that intellectual property required to
implement the assertions, protocols, bindings, and profiles defined by the SAML
specifications.

The license terms for the RSA Patents will permit end-users to use the Licensed
Products.  However, in the event that a Licensed Product is a product (such as
a toolkit product or operating system service) that is used to develop other
products, the licensee of the RSA Patents must require users of the Licensed
Products to obtain a license directly from RSA for the RSA Patents.  RSA will
grant such licenses on the same royalty-free terms described above.

RSA welcomes comments on this proposal and looks forward to further
collaboration with OASIS.



---
end