-----Original
Message-----
From: Philpott, Robert
Sent: Tuesday, February 12, 2002
12:43 PM
To: 'oasis sstc
(security-services@lists.oasis-open.org)'
Cc: Kaliski, Burt; Linn, John
Subject: RSA IP with respect to
SAML
Attached are copies of the 2 issued patents discussed on
today's con-call. A "non-legal" review of these
patents by me, Burt Kaliski, and John Linn here at RSA Security led us to
believe that there is an overlap with, but not necessarily limited to, the
Browser/POST profile of the SAML spec.
As discussed on the call, the general idea covered is where
a client obtains a signed authentication assertion from an authority and then
passes that signed assertion over an encrypted channel to a verifier (relying
party) who, after validating the assertion, accepts it as proof of
authentication of that user.
Note that we currently do not feel (again non-legal) that
the Browser/Artifact Profile does not overlap, since the patent requires that
the assertion itself, and not some reference to the assertion, is sent from the
client to the server.
Rob
Philpott
RSA Security Inc.
The Most Trusted Name in
e-Security
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
mailto:rphilpott@rsasecurity.com