Re: [saml-dev] FW: A change to the RSA licensing process for SAML implementers

[NISHIMURA Toshihiro <nishimura.toshi@jp.fujitsu.com>]

I sent this comment in reply to the original e-mail sent to SSTC list.
But I received an error (perhaps because I am not a Member of SSTC).
So, I'm now sending it to saml-dev list:


Rob,

It is a good news that the licensing process become easier.
It seems to me (not a legal expert) that there is another change.

Under the previous IPR statement, licensees are required to grant to
RSA a RF license to patents "with respect to the SAML specifications".
Now, under the new IPR statement, licensees can't assert "any patent
claims" against RSA, i.e. including those unrelated to SAML.

Am I reading correctly?

Toshi
---
NISHIMURA Toshihiro (FAMILY Given)
nishimura.toshi@jp.fujitsu.com
STRATEGY AND TECHNOLOGY DIV., SOFTWARE UNIT, FUJITSU LIMITED


At Fri, 12 May 2006 15:22:57 -0400,
Philpott, Robert wrote:
> ________________________________
> 
> From: Philpott, Robert 
> Sent: Thursday, May 11, 2006 7:30 PM
> To: security-services@lists.oasis-open.org
> Cc: Philpott, Robert
> Subject: A change to the RSA licensing process for SAML implementers
> 
>  
> 
> Hi all,
> 
>  
> 
> As you all should know, RSA Security's IP declaration for SAML described
> a licensing process that required downloading a license from the RSA
> Security web site, getting it signed, and mailing it back to RSA's legal
> office.  I've been working on getting this changed for quite a long time
> (months) and finally achieved success last week!  We have now switched
> to the common "defensive suspension" style of licensing, for example
> like that used by AOL for SAML.
> 
>  
> 
> I notified OASIS of the change on 27-April.  I've been waiting for them
> to post the new statement to the SSTC IPR page before announcing it, but
> since there's been a bit of discussion on IP licensing (mentioning SAML)
> on the chairs list and over at Liberty, we concluded we should go ahead
> and update everyone.
> 
>  
> 
> The text of the new statement is attached below.  As I said, it should
> be posted to the IPR page very soon (anyone at OASIS listening?)...
> 
>  
> 
> Cheers,
> 
> Rob Philpott
> Senior Consulting Engineer
> RSA Security Inc.
> Tel: 781-515-7115
> Mobile: 617-510-0893
> Fax: 781-515-7020
> Email: rphilpott@rsasecurity.com <mailto:mrphilpott@rsasecurity.com> 
> I-name:  =Rob.Philpott <http://public.xdi.org/=Rob.Philpott> 
> 
> To: OASIS Executive Director
> 
>  
> 
> From: Robert P. Nault, Senior Vice President and General Counsel, RSA
> Security Inc. 
> 
>  
> 
> Date: April 27, 2006
> 
>  
> 
> Subject: Intellectual Property Rights Statement
> 
>  
> 
> In previous correspondence dated December 6, 2004, January 20, 2003 and
> April 22, 2002, RSA Security Inc. ("RSA") disclosed that it is the
> assignee of U.S. Patent Nos. 6,085,320 and 6,189,098, both entitled
> "Client/Server Protocol for Proving Authenticity" and U.S. Patent Nos.
> 5,922,074 and 6,249,873, both entitled "Method of and Apparatus for
> Providing Secure Distributed Directory Services and Public Key
> Infrastructure" (collectively, the "RSA Patents").  At that time, RSA
> believed that these four patents could be relevant to practicing certain
> operational modes of the OASIS Security Assertion Markup Language
> ("SAML") specifications.  In the correspondence, RSA offered to grant
> non-exclusive, royalty-free licenses on a non-discriminatory basis for
> the RSA Patents.
> 
>  
> 
> In the interest of encouraging deployment of SAML-based technologies,
> RSA hereby covenants, free of any royalty, that it will not assert any
> claims in the RSA Patents which may be essential to the SAML standard
> v1.0, 1.1 and 2.0 (hereinafter "NECESSARY CLAIMS") against any other
> entity with respect to any implementation conforming to the SAML
> standard v1.0, 1.1 and/or 2.0.  This covenant shall become null and void
> with respect to any entity that asserts, either directly or indirectly
> (e.g. through an affiliate), any patent claims or threatens or initiates
> any patent infringement suit against RSA and/or its subsidiaries or
> affiliates.  The revocation of the covenant shall extend to all prior
> use by the entity asserting the claim.
> 
>  
> 
> RSA will continue to honor existing license agreements for the RSA
> Patents and will continue to offer as an option to interested third
> parties the same licensing arrangement described in our previous
> correspondence.  (The license agreement, along with instructions for
> obtaining and completing the license, are available on RSA's website
> www.rsasecurity.com <http://www.rsasecurity.com/> .)  
> 
>  
> 
> RSA welcomes comments on this statement and looks forward to further
> collaboration with OASIS