ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Davanum Srinivas <>
Subject RE: [Fwd: Encryption and Algorithms]
Date Wed, 11 Jun 2003 15:19:29 GMT
Thanks for the nudge. Updated (deleted xml-security from

FYI, you will see a bit more activity next week in If you want to get involved,
please subscribe to

-- dims

--- Scott Cantor <> wrote:
> > Cancel #2.  If I'd just done 5 minutes more research I would have picked 
> > the obvious.  RSA the algorithm is fine (came out of patent in 2000 - 
> > which I knew if I'd bothered to think) - the patents relate to other 
> > technologies/features with SAML.
> Saved me posting exactly that.
> > Scott - if you're on the list I'd be very interested to know what the 
> > actual patent issues are.  Where did the OpenSAML Apache proposal get 
> > to?  It seems to have petered out in March?
> The RSA web site is fairly self-explanatory, I think.
> I'm not in a position to know whether the patents are valid. I tried to read the two
that they
> publically referenced, and got
> nowhere. I prefer to focus on the language of the license, which is fairly clear. Internet2
> applied for and signed the license so
> that we can distribute Shibboleth as a SAML application. That covers any users of Shibboleth,
> but not OpenSAML, which is a toolkit.
> Anyone else using OpenSAML has to obtain the license from RSA at no cost, but it's a
> document, so most companies would have to
> have a VP sign it. Unfortunate, but that's the way it is.
> The subtle (and very nice) thing about the license is that it's perpetual. RSA can't
> unilaterally terminate it, so they can't try
> and start collecting money from people who signed the agreement later, only newbies.
This was
> pretty important to me.
> As far as Apache goes, they (the board) believe that these terms make SAML unacceptable,
so I
> think unless RSA agrees on a different
> set of terms, it's a dead issue at this point. Nothing I can really do, as I have no
pull with
> any of the parties involved. I don't
> think Internet2 is inclined to push it, but that might change in the future.
> I believe there is no way for any real web services work to happen in Apache, as these
terms are
> clear and benign in comparison to
> what some of the other specs look like, IMHO.
> I note the site appears to be frozen these days. It's still referencing
> XML-Security, even.
> -- Scott

Davanum Srinivas -

Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).

View raw message