From: Erik Abele
Subject: Re: Authentication Needs for Apache: Was Re: Puzzling News
Date: Tue, 1 Mar 2005 17:51:29 +0100
To: dev@httpd.apache.org
Message-Id: <7150f154a5a66b7b2bc7418895decd45@codefaktor.de>

On 01.03.2005, at 15:52, Sean Mehan wrote:

> Just a pointer to something that is gaining a bit of ground in various
> circles:
>
> http://www.oasis-open.org/committees/download.php/11511/sstc-saml-tech-overview-2.0-draft-03.pdf
>
> found at
>
> http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
>
> This is about SAML, a vocabulary for exchange of authentication and
> authorization data about users trying to access resources. With this
> capability built in, one can write policies for users originating from
> other sites.

The problem I see with SAML and its specs is that RSA holds patents on
it and although these patents are made available under a royalty-free
license, every end-user must obtain their own license from RSA. That
alone is a requirement which goes far beyond the requirements of the
Apache License and furthermore there are some other constraints (e.g.
licensees must grant RSA the same rights to any patents they own).

Find the details at
http://www.oasis-open.org/committees/security/ipr.php.

> There is an implementation of this for what used to be called
> (resource) targets, now called SP [service provider]s, which compiles
> and runs under apache 1.3/2.0
> found at http://shibboleth.internet2.edu/

Hmm, I think both opensaml.org and shibboleth.internet2.edu are not
conforming to RSA's license requirements:

"The license terms for the RSA Patents will permit end-users to use the
Licensed Products. However, in the event that a Licensed Product is a
product (such as a toolkit product or operating system service) that is
used to develop other products, the license will require the licensee
of the RSA Patents to notify users of the Licensed Products that such
users must obtain a license directly from RSA for the RSA Patents. RSA
is willing to grant such licenses on the same non-exclusive,
royalty-free terms described above."

I don't find any such notice on either page, just their usual license
which is misleading in this case, e.g.
http://www.opensaml.org/license.html

IMHO we should avoid touching this sort of stuff...

Cheers,
Erik