From: Philpott, Robert
Sent: Tuesday, February 12, 2002
To: 'oasis sstc
Cc: Kaliski, Burt; Linn, John
Subject: RSA IP with respect to
Attached are copies of the 2 issued patents discussed on
today's con-call. A "non-legal" review of these
patents by me, Burt Kaliski, and John Linn here at RSA Security led us to
believe that there is an overlap with, but not necessarily limited to, the
Browser/POST profile of the SAML spec.
As discussed on the call, the general idea covered is where
a client obtains a signed authentication assertion from an authority and then
passes that signed assertion over an encrypted channel to a verifier (relying
party) who, after validating the assertion, accepts it as proof of
authentication of that user.
Note that we currently do not feel (again non-legal) that
the Browser/Artifact Profile does not overlap, since the patent requires that
the assertion itself, and not some reference to the assertion, is sent from the
client to the server.
RSA Security Inc.
The Most Trusted Name in