Ballot: Approve SAML 2.0 as an OASIS Standard |
Company:Unknown |
Vote:No |
Comment:We believe there is IPR issues to be resolved
for this specification. So we would like to propose
this TC and OASIS Board of Directors to work on
IPR issues for this spec. Please note Fujitsu
would like this spec to be OASIS standard, if these
issues are resolved.
See the following background and details:
- In April 2003, 4 members (from HP, Sun, RSA Security and Nokia) of
the SSTC (Security Services TC) submitted the Liberty Alliance
specifications for consideration in preparing future versions of
SAML.
- The submittal letter is placed on the SSTC IPR page:
http://www.oasis-open.org/committees/security/ipr.php
- This letter doesn't explicitly disclose the patent information
regarding submitted (Liberty) specs but just tells us that such
information is available on the Liberty Alliance web site.
- On Liberty Alliance IPR page, 5 companies disclose their
patent/patent application and license information regarding Liberty
specs and 4 of them are regarding the specs submitted to OASIS
(ID-FF).
- AOL Time Warner, Inc.
- Catavault
- Citigroup, Inc.
- Fidelity Investments
http://www.projectliberty.org/about/ipr.php
- Of course, disclosed license terms only mention about the case when
implementing Liberty specs (not SAML v2 specs).
- The SSTC incorporated the submitted Liberty specs to the SAML v2.
I think it is reasonable that the disclosed patent/patent
application regarding Liberty ID-FF also apply to the SAML v2.
FYI, Here is a comment I've got from the SSTC chair, Robert Philpott:
| I have not reviewed the actual patents and patent applications that are
| described in the IP declarations posted at the Liberty site. Thus, I
| cannot speak to whether they are definitely still in use by SAML 2.0.
| However, since they were claimed for ID-FF, and SAML 2.0 has
| incorporated all of ID-FF's features, it is likely that they apply to
| SAML 2.0. The SSTC made no effort to engineer around the claims.
- Now, we would like to have IPR/license information regarding the
SAML v2 (not regarding Liberty ID-FF) clarified. This is the issue.
- After Nishimura posted this issue to the SSTC list, Anthony Nadalin
from IBM also raised the issue to James Bryce Clark (OASIS staff)
but not to OASIS Board of Directors.
- Until now, AOL, Fidelity and RSA Security, which are OASIS members,
have disclosed their IPR and license information regarding the SAML
v2.
- But non-OASIS members, Catavault and Citigroup, Inc. have not.
- According OASIS IPR Policy 3.2, if any patents, patent applications,
or other IPRs are formally brought to the attention of the OASIS
Board of Directors, the OASIS Executive Director shall take an
action (attempt to obtain a written assurance).
------------------------------------------------------------------------
OASIS.IPR.3.2. OASIS Specifications
(A) Where any patents, patent applications, or other proprietary
rights are known, or claimed, with respect to any specification
developed within the OASIS process, and are formally brought to the
attention of the OASIS Board of Directors, the OASIS Board of
Directors shall not advance the specification without including in the
document a note indicating the existence of such rights, or claimed
rights. ...
(C) Where the OASIS Board of Directors is formally notified of rights,
or claimed rights under (A), the OASIS Executive Director shall
attempt to obtain from the claimant of such rights a written assurance
that upon approval by the OASIS Board of Directors of the relevant
OASIS specification(s), any party will be able to obtain the right to
implement, use and distribute the technology or works when
implementing, using or distributing technology based upon the specific
specification(s) under openly specified, reasonable,
non-discriminatory terms. ...
------------------------------------------------------------------------ |
|