[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] RSA IP with respect to SAML
Attached are copies of the 2 issued patents discussed on today's con-call. A "non-legal" review of these patents by me, Burt Kaliski, and John Linn here at RSA Security led us to believe that there is an overlap with, but not necessarily limited to, the Browser/POST profile of the SAML spec.
As discussed on the call, the general idea covered is where a client obtains a signed authentication assertion from an authority and then passes that signed assertion over an encrypted channel to a verifier (relying party) who, after validating the assertion, accepts it as proof of authentication of that user.
Note that we currently do not feel (again non-legal) that the Browser/Artifact Profile does not overlap, since the patent requires that the assertion itself, and not some reference to the assertion, is sent from the client to the server.
Rob Philpott RSA Security Inc. The Most Trusted Name in e-Security Tel: 781-515-7115 Mobile: 617-510-0893 Fax: 781-515-7020 mailto:rphilpott@rsasecurity.com
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC