You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by Davanum Srinivas <di...@yahoo.com> on 2003/06/11 17:19:29 UTC

RE: [Fwd: Encryption and Algorithms]

Thanks for the nudge. Updated http://ws.apache.org/ (deleted xml-security from ws.apache.org main
page). 

FYI, you will see a bit more activity next week in ws.apache.org. If you want to get involved,
please subscribe to general@ws.apache.org

-- dims

--- Scott Cantor <ca...@osu.edu> wrote:
> > Cancel #2.  If I'd just done 5 minutes more research I would have picked 
> > the obvious.  RSA the algorithm is fine (came out of patent in 2000 - 
> > which I knew if I'd bothered to think) - the patents relate to other 
> > technologies/features with SAML.
> 
> Saved me posting exactly that.
> 
> > Scott - if you're on the list I'd be very interested to know what the 
> > actual patent issues are.  Where did the OpenSAML Apache proposal get 
> > to?  It seems to have petered out in March?
> 
> The RSA web site is fairly self-explanatory, I think.
> http://www.rsasecurity.com/solutions/standards/saml/
> 
> I'm not in a position to know whether the patents are valid. I tried to read the two that they
> publically referenced, and got
> nowhere. I prefer to focus on the language of the license, which is fairly clear. Internet2
> applied for and signed the license so
> that we can distribute Shibboleth as a SAML application. That covers any users of Shibboleth,
> but not OpenSAML, which is a toolkit.
> 
> Anyone else using OpenSAML has to obtain the license from RSA at no cost, but it's a legal
> document, so most companies would have to
> have a VP sign it. Unfortunate, but that's the way it is.
> 
> The subtle (and very nice) thing about the license is that it's perpetual. RSA can't
> unilaterally terminate it, so they can't try
> and start collecting money from people who signed the agreement later, only newbies. This was
> pretty important to me.
> 
> As far as Apache goes, they (the board) believe that these terms make SAML unacceptable, so I
> think unless RSA agrees on a different
> set of terms, it's a dead issue at this point. Nothing I can really do, as I have no pull with
> any of the parties involved. I don't
> think Internet2 is inclined to push it, but that might change in the future.
> 
> I believe there is no way for any real web services work to happen in Apache, as these terms are
> clear and benign in comparison to
> what some of the other specs look like, IMHO.
> 
> I note the ws.apache.org site appears to be frozen these days. It's still referencing
> XML-Security, even.
> 
> -- Scott
> 


=====
Davanum Srinivas - http://webservices.apache.org/~dims/

__________________________________
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com