Tony,
RSA registered some time ago that we have IP we believe is applicable to the WSS use of SAML tokens under some conditions. Unfortunately the latest link to the IP agreement at RSA still has not been updated despite chasing the problem with the OASIS folks for a while now. The relevant claims and applicable patents have been identified for some time.
I appreciate your concern to ensure this is clarified well prior to the final vote.
The link that should be inserted in the IP statement is:
http://www.rsasecurity.com/node.asp?id=2531
--Andrew
From: Anthony Nadalin
[mailto:drsecure@us.ibm.com]
Sent: Thursday, June 03, 2004 8:24
PM
To: Nash, Andrew
Cc: Bill Smith;
wss@lists.oasis-open.org
Subject: RE: [wss] RSA license and
the upcoming SAML Interop
Since OASIS is on an individual membership I had no
idea and since the other IPR statements clearly state the company name in the
claim, so thanks for clarifying. I never said I had an issue with
"believe" I had a problem with "we believe" its Bill that
took it out of context.
Why is this an issue, because so far we had no IPR statement on the SAML Token
Profile and I wanted to make sure that when it come time to vote that I have
all the facts, instead of waiting to last minute to bring up issues like folks
have done in the past.
Anthony Nadalin | work 512.838.0085 | cell 512.289.4122
"Nash,
Andrew" <ANash@rsasecurity.com>
|
"Nash, Andrew" <ANash@rsasecurity.com> 06/03/2004 03:54 PM |
|
Tony,
To be
clear, I was speaking on behalf of RSA. I am not sure why that should ever have
been in doubt as I was responsible for posting the IP notice. I am not going to
restate in ad hoc terms what the applicability of the IP may be – that is
the purpose of very expensive and carefully worded patent applications.
As Bill
has quite succinctly pointed out the use of the word “believe” in
the context of IP assertions is normal practice.
RSA
(that would be the “we” in this case) has extended an ROYALTY FREE
reciprocal license in these areas, not only for the interop event but also for
general implementations of WSS. Unlike owners of other IP in this area we have
made it clear that we will not be seeking to make revenue from licensing this
technology.
I may
have missed something in your description of the problem, but I frankly do not
understand why this has become such a monumental issue.
--Andrew
From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
Sent: Wednesday, June 02, 2004 12:38 PM
To: Bill Smith
Cc: 'wss@lists.oasis-open.org'
Subject: Re: [wss] RSA license and the upcoming SAML Interop
I had
reviewed the link you posted before I posted my append, and I have no context
for the "we
believe", is
this Andrew, or is this RSA or some other entity ? Thus the difference in the
link and what is posted from Andrew.
Anthony Nadalin | work 512.838.0085 | cell 512.289.4122
Bill Smith <Bill.Smith@Sun.COM>
|
Bill Smith <Bill.Smith@Sun.COM> 06/02/2004 10:49 AM |
|
In reviewing the IPR declarations for WS-Security (http://www.oasis-open.org/committees/wss/ipr.php), it seems that all of the individual
IPR notices contain the word "believes". I assume these declarations
(from ContentGuard, Microsoft, and RSA) were acceptable under OASIS IPR Policy.
If so, I don't see the problem with the text quoted below.
Anthony Nadalin wrote:
There was a action item that was closed today AI #280.
The wording below is not definitive ("we believe") which is somewhat
worry some, can we please make a clear IPR statement as IPR
statement (I take this as an IPR statement) is worded in such a way as to
suggest that doing anything "useful" with the SAML profile and
encrypted channels may require licensing RSA patents.
I would like to either reopen AI #280 or create a new AI to cover these
concerns.
Anthony Nadalin | work 512.838.0085 | cell 512.289.4122
"Nash, Andrew" <ANash@rsasecurity.com>
|
"Nash, Andrew" <ANash@rsasecurity.com> 05/04/2004 04:51 PM |
|
After some careful review today, we believe that it will not be necessary for
implementers engaged in supporting the upcoming interop scenarios to sign the RF license
agreement with RSA, provided that Scenario #3 does not make use of an encrypted
channel between the Requestor and Responder.
--Andrew