OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services] RSA IP with respect to SAML

Attached are copies of the 2 issued patents discussed on today's con-call.   A "non-legal" review of these patents by me, Burt Kaliski, and John Linn here at RSA Security led us to believe that there is an overlap with, but not necessarily limited to, the Browser/POST profile of the SAML spec.


As discussed on the call, the general idea covered is where a client obtains a signed authentication assertion from an authority and then passes that signed assertion over an encrypted channel to a verifier (relying party) who, after validating the assertion, accepts it as proof of authentication of that user.


Note that we currently do not feel (again non-legal) that the Browser/Artifact Profile does not overlap, since the patent requires that the assertion itself, and not some reference to the assertion, is sent from the client to the server.


Rob Philpott

RSA Security Inc.

The Most Trusted Name in e-Security

Tel: 781-515-7115

Mobile: 617-510-0893

Fax: 781-515-7020





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC