incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Cantor <canto...@osu.edu>
Subject RE: Revised OpenSAML proposal
Date Wed, 29 Jan 2003 21:38:37 GMT
> Points to watch
> ----------------
> One active committer is not much... this will be our main point to 
> watch, and see that it gains momentum.

As the committer in question, I more than agree. My focus is and will be for a while on Shibboleth,
so our goal has been to get to a
stable state so that OpenSAML would have a life of its own if the interest is there.

> Blockers?
> -----------
> "Are there IPR-related concerns with SAML (patents held by RSA but 
> offered royalty free)?"
> 
> Can you please elaborate more on this?

I can't elaborate as much as I'd like, but the relevant OASIS pointer is:
http://www.oasis-open.org/committees/security/rsa-ipr-statement-SAML3b-OASIS-2002-04-22.shtml

The particulars in regard to a library like OpenSAML are that both the distributor of the
toolkit (currently Internet2, presumably
the ASF in this context) and any users of the toolkit have to obtain a royalty-free license.

Past discussion with RSA's OASIS SSTC reps (not their lawyers I want to emphasize) are that
RSA intends a fax-back type of license.

Recent discussion has not really clarified much, and while I've heard rumors of more liberal
terms (possibly none for toolkits),
they are only rumors to me. RSA has yet to define the precise license or the terms, but has
been urged to do so by the SSTC. Sun is
already selling one product, for example.

Anyway, I'm not a lawyer and I don't play one on TV. And I'm not about to argue for or against
the patent claims (my own opinions
notwithstanding).

But certainly the web services (and web services security) space is full of this stuff, most
of it often much less clear than this,
so welcome to the thunderdome.

-- Scott


Mime
View raw message