You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by Davanum Srinivas <di...@yahoo.com> on 2003/06/11 17:19:29 UTC
RE: [Fwd: Encryption and Algorithms]
Thanks for the nudge. Updated http://ws.apache.org/ (deleted xml-security from ws.apache.org main
page).
FYI, you will see a bit more activity next week in ws.apache.org. If you want to get involved,
please subscribe to general@ws.apache.org
-- dims
--- Scott Cantor <ca...@osu.edu> wrote:
> > Cancel #2. If I'd just done 5 minutes more research I would have picked
> > the obvious. RSA the algorithm is fine (came out of patent in 2000 -
> > which I knew if I'd bothered to think) - the patents relate to other
> > technologies/features with SAML.
>
> Saved me posting exactly that.
>
> > Scott - if you're on the list I'd be very interested to know what the
> > actual patent issues are. Where did the OpenSAML Apache proposal get
> > to? It seems to have petered out in March?
>
> The RSA web site is fairly self-explanatory, I think.
> http://www.rsasecurity.com/solutions/standards/saml/
>
> I'm not in a position to know whether the patents are valid. I tried to read the two that they
> publically referenced, and got
> nowhere. I prefer to focus on the language of the license, which is fairly clear. Internet2
> applied for and signed the license so
> that we can distribute Shibboleth as a SAML application. That covers any users of Shibboleth,
> but not OpenSAML, which is a toolkit.
>
> Anyone else using OpenSAML has to obtain the license from RSA at no cost, but it's a legal
> document, so most companies would have to
> have a VP sign it. Unfortunate, but that's the way it is.
>
> The subtle (and very nice) thing about the license is that it's perpetual. RSA can't
> unilaterally terminate it, so they can't try
> and start collecting money from people who signed the agreement later, only newbies. This was
> pretty important to me.
>
> As far as Apache goes, they (the board) believe that these terms make SAML unacceptable, so I
> think unless RSA agrees on a different
> set of terms, it's a dead issue at this point. Nothing I can really do, as I have no pull with
> any of the parties involved. I don't
> think Internet2 is inclined to push it, but that might change in the future.
>
> I believe there is no way for any real web services work to happen in Apache, as these terms are
> clear and benign in comparison to
> what some of the other specs look like, IMHO.
>
> I note the ws.apache.org site appears to be frozen these days. It's still referencing
> XML-Security, even.
>
> -- Scott
>
=====
Davanum Srinivas - http://webservices.apache.org/~dims/
__________________________________
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com