WSS and RSA Security RF License to IP

To all members of the WSS TC,

RSA Security is the owner of a number of patents dealing with authentication in client / server protocols. RSA Security believes that these patents are relevant to practicing certain operational modes of the OASIS Security Assertion Markup Language ("SAML") specifications including the SAML Browser/Post Profile. A royalty free license was extended to implementers of the SAML specification. The details of this license may be found at:

http://www.oasis-open.org/committees/security/ipr.php

Two of the relevant patents are U.S. Patent Nos. 6,085,320 and 6,189,098 "Client/Server Protocol for Proving Authenticity". The general idea described is where a client obtains a signed authentication assertion from an authority and then passes that signed assertion over an encrypted channel to a verifier (relying party) who, after validating the assertion, accepts it as proof of authentication of that user.

Two additional U.S. patents could also be relevant. These patents, U.S. Patent Nos. 5,922,074 and 6,249,873, both entitled "Method of and Apparatus for Providing Secure Distributed Directory Services and Public Key Infrastructure" were issued to Xcert Software, Inc., which was acquired by RSA Security in 2001. All four patents identified in this letter are covered by the license available to implementers of the SAML specification.

On review, RSA believes that the same four patents may be applicable to the use of signed security tokens such as SAML assertions or XrML licenses within WSS security headers. Our intention is to provide similar notice to OASIS of the applicable patents and to offer a royalty free license to cover WSS implementers under similar license criteria.

The URL for the US Patent and Trademark Office http://www.uspto.gov can be used to look up the appropriate patents by number for anyone interested in the details.

Andrew Nash

Director of Technology

CTO Office

RSA Security

617 470 4778

wss message