The current document was produced
within the TC, and I consider Phill and I to have been its authors and
submitters. With regard to this document, RSA Security and
VeriSign are evaluating the prospect of providing a joint IP statement as was
suggested on the 21 March TC call, but no determination has yet been reached on
this question.
With respect to the prior RSA Security submission to the TC
which formed an input to the current document, I consider myself to have been
its author and submitter. Comments were received, considered, and sometimes
reflected from others as it evolved through successive published drafts, but
this seems distinct from authorship, at least in the sense in which I’m
accustomed to using that term. Two individuals (not TC members) were acknowledged
and named in the submitted document based on having provided comments that were
valuable in improving it, and we believe that the applicable OASIS IPR policy
requirements were satisfied with respect to those named contributors when the
RSA Security submission was made. I’m glad that the
submission’s technical content was able to benefit from comments
contributed, but regret that the fact of their inclusion has caused concern
within the TC.
--jl
From: Anthony Nadalin
[mailto:drsecure@us.ibm.com]
Sent: Tuesday, March 28, 2006 4:43
PM
To: Hallam-Baker, Phillip
Cc: Abbie Barbir; Linn, John;
wss@lists.oasis-open.org
Subject: RE: [wss] Groups - OTP
Token Consolidated Input Submission (wss-v1 1-spec-os-OTPTokenProfile.pdf)
uploaded
Understand, I think the issues revolve around the RSA
submission and now we only have one document which includes the Verisign
proposal so they can't be separated.
Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
"Hallam-Baker,
Phillip" <pbaker@verisign.com>
|
"Hallam-Baker,
Phillip" <pbaker@verisign.com> 03/28/2006 03:27 PM |
|
From VeriSign's
point of view we sent this out to OATH members for comment. No comments were
received other than confirmation of receipt and having read it.
The only authors I am aware of
at the VeriSign end are myself and Hans Granquist.
From: Abbie Barbir [mailto:abbieb@nortel.com]
Sent: Tuesday, March 21, 2006 11:01 AM
To: Anthony Nadalin; Linn, John
Cc: wss@lists.oasis-open.org
Subject: RE: [wss] Groups - OTP Token Consolidated Input Submission
(wss-v1 1-spec-os-OTPTokenProfile.pdf) uploaded
Yes,
I do second Tony concerns.
Abbie
From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
Sent: Tuesday, March 21, 2006 8:48 AM
To: Linn, John
Cc: wss@lists.oasis-open.org
Subject: RE: [wss] Groups - OTP Token Consolidated Input Submission
(wss-v1 1-spec-os-OTPTokenProfile.pdf) uploaded
If we
look at the rest of the specifications in this TC we see that each of the
authors have been able to make written statements that they are contributing
the specification(s) to OASIS, with a clear statement about IP, this does not
seem to be the case with this new specification. While you may have satisfied
the section 3.1 this is a change from the rest of the specifications in the TC
and IBM has concerns.
Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
"Linn, John"
<jlinn@rsasecurity.com>
|
"Linn,
John" <jlinn@rsasecurity.com> 03/21/2006 07:25 AM |
|
Tony,
Thanks for the follow-up. I thought that this question had been resolved last
fall, at least with respect to the RSA submission. As I understand the OASIS legacy
IPR policy, sec. OASIS.IPR.3.1, requirements are levied on submitters with
regard to the contributors named within a contribution (including a
representation that major contributors are properly acknowledged), and
it’s our position as submitter that those requirements have been
satisfied with respect to this submission.
--jl
From: Anthony Nadalin
[mailto:drsecure@us.ibm.com]
Sent: Tuesday, March 21, 2006 6:47 AM
To: wss@lists.oasis-open.org
Subject: Re: [wss] Groups - OTP Token Consolidated Input Submission
(wss-v1 1-spec-os-OTPTokenProfile.pdf) uploaded
John,
thanks for posting. I will go back to my IP issues I posted last year on this
subject as in Appendix A of the document referenced below is are listed many
contributors that are identified and many contributors that are not identified.
So IBM has concerns as in the past (with the other specs we have worked on in
this TC) we have been able to identify all of the authors of the
specification(s) and they have been able to make written statements that they
are contributing the specification(s) to OASIS, with a clear statement about
IP. It seems that this can't be done with this document and thus we potentially
expose the TC to a situation where the ownership and IP of the document's
content is at best unclear.
Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
jlinn@rsasecurity.com
|
jlinn@rsasecurity.com 03/09/2006 11:38 AM |
|
Per the plan that Phill indicated in his 1 March message to the TC, weve
been working since then to produce a consolidated OTP-Token draft
reflecting contributions from both VeriSign and RSA Security. Im pleased
to report that this process has proceeded expeditiously and effectively,
and that were now able to upload a version with no technical conflicts
flagged as pending resolution. This is an initial draft, and we expect
that some changes following review will take place enroute to a
corresponding Committee Draft, but we believe that it represents a suitable
basis to support discussion within the TC. We look forward to your
comments, via email and/or at the next TC call on 21 March.
-- Mr John Linn
The document named OTP Token Consolidated Input Submission (wss-v1
1-spec-os-OTPTokenProfile.pdf) has been submitted by Mr John Linn to the
OASIS Web Services Security (WSS) TC document repository.
Document Description:
Profile for use of One-Time Password (OTP) tokens with WSS.
View Document Details:
http://www.oasis-open.org/apps/org/workgroup/wss/document.php?document_id=17081
Download Document:
http://www.oasis-open.org/apps/org/workgroup/wss/download.php/17081/wss-v1%201-spec-os-OTPTokenProfile.pdf
PLEASE NOTE: If the above links do not work for you, your email application
may be breaking the link into two pieces. You may be able to copy and paste
the entire link address into the address field of your web browser.
-OASIS Open Administration