[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] Revised WSS OTP-Token proposal
It’s unclear to me how these requests relate to the OASIS legacy IPR policy (http://www.oasis-open.org/who/ipr/intellectual_property_2000-1-13.php), which I understand as governing the treatment of intellectual property by the TC. As far as I can see there, the policy requires acknowledgment of “major contributors”, not exhaustive identification and enumeration of all individuals who have been involved in review and comment on a contribution (which can often be difficult to accomplish outside the context of organizations with defined membership lists). Further, the policy does not appear to impose any requirement that non-submitting contributors must be members of the TC to which a contribution is being made.
From: Paul Cotton
>but have requested that OTPS participants who have been involved in review and comment on its predecessor drafts inform us of any such claims.
Can you identify the "OTPS participants"?
Will they be joining the TC so that they will be covered by the same IP rules as the other existing TC members?
The RSA/OTPS document in question does not specify a particular OTP method, but instead proposes a method-independent profile that can be used to apply a variety of OTP methods along with WSS. In essence, therefore, its scope is comparable to that of the proposed work item; along with other inputs, we would hope that it would contribute relevant work which would be useful in constructing the anticipated deliverable.
For reference, the document is available at ftp://ftp.rsasecurity.com/pub/otps/wss-token/wss-token-v1-0.pdf. I don’t anticipate that further technical changes would take place before a TC submission, though some frontmatter and administrative revisions may be made. WRT IPR, the document states as follows (within Appendix B, Notices):
“RSA Security does not make any claims on the general constructions described in this document. The RSA SecurID technology implementations of time-based mode authenticator token devices, and related validation processing components, are covered by a number of US patents (and foreign counterparts), in particular US Patent Nos. 4,885,778; 4,856,062; 5,097,505; 5,168,520 and 5,657,388. Additional patents are pending. As this specification can be implemented without the use of time-based mode authentication technology, it is RSA Security’s position that the technology covered by these patents and applications is not required to implement this specification.”
Further, we are not currently aware of any IP claims which others may make which would affect the general constructions as described in this document, but have requested that OTPS participants who have been involved in review and comment on its predecessor drafts inform us of any such claims.
From: Anthony Nadalin
still confusing as its states that "RSA Security proposes to submit a
version of this document as