You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Sharam Fouladgar-Mercer <Sh...@appiancorp.com> on 2004/12/05 17:34:37 UTC

RE: Apache WSS4J's WS Security Implementation - WSS Licensing Requirements? 

Tony,
 
You make a VERY interesting point; I had not heard of this before. It would probably behoove the list's readers, I know it would for me, if anyone can state for sure whether you would have to apply for a license from MS, Verisign, and IBM...it seems this would be a headache for any company that wants to go with WS-Security? As Dims pointed out that WSS4J has not signed anything, are users of the software implementing WS-Security illegally?
 
Anyone have any thoughts, ideas?
 
Thanks,
Sharam

________________________________

From: Tony Opatha [mailto:topatha@yahoo.com]
Sent: Fri 12/3/2004 4:45 PM
To: dims@yahoo.com; axis-user@ws.apache.org; fx-dev@ws.apache.org
Cc: axis-dev@ws.apache.org
Subject: Apache WSS4J's WS Security Implementation - WSS Licensing Requirements? 


Hi, 
 
It seems that WS Security requires licensing arrangements from Microsoft, Verisign,
and IBM based on OASIS WS Security TC IPR statement
 
http://www.oasis-open.org/committees/wss/ipr.php
 
So, can someone please clarify:
 
1) if the users who to develop and deploy AXIS clients (using WS Security APIs 
from Apache WSS4J) will need to first apply for WS Security licensing arrangements 
with the required companies? 
 
2) Related to #1, Apache WSS4J is a public domain software, but is not the underlying 
WS Security requiring any licensing arranagements, or has the Apache worked out
a licensing arrangement already?
 
If the answer is yes, that users of WSS4J require WSS licensing arrangements,
perhaps this should be stated as part of the release notes for WSS4J.
 
Thanks in advance.
 
 
 
 
 
-----Original Message-----
From: Davanum Srinivas [mailto:dims@yahoo.com]
Sent: Friday, March 05, 2004 4:26 AM
To: axis-user@ws.apache.org
Subject: Re: what is the status of axis ws-security implementation?

http://ws.apache.org/ws-fx/wss4j/
--- Maciek Zywno <m....@amg.net.pl> wrote:
> Hello
> 
> I would like to use ws-security standard to secure my webservice. My 
> question is whether I would have to implement ws-security:
> - on my own by using axis handlers that use some external api ?
> - or does axis support ws-security out of the box?
> - or there is some apache ws-security library that easily integrates 
> with axis?
> - maybe you could suggest other solution
> 
> Thanks in advance for any hints!
> 
> Maciek
> 

=====
Davanum Srinivas - http://webservices.apache.org/~dims/

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Re: Apache WSS4J's WS Security Implementation - WSS Licensing Requirements?

Posted by Jongjin Choi <gu...@hotmail.com>.
What about SAML?
I heard that SAML also requires license from RSA.

look 
http://www.rsasecurity.com/solutions/standards/saml/
or 
http://www.rsasecurity.com/node.asp?id=2530

AFAIK, WSS4J uses opensaml.jar.

Dose anybody know that the opensaml guys resolve the license problem?

Thanks.
/Jongjin

----- Original Message ----- 
From: "Sharam Fouladgar-Mercer" <Sh...@appiancorp.com>
To: <ax...@ws.apache.org>; <di...@yahoo.com>; <ax...@ws.apache.org>; <fx...@ws.apache.org>
Cc: <ax...@ws.apache.org>
Sent: Monday, December 06, 2004 1:34 AM
Subject: RE: Apache WSS4J's WS Security Implementation - WSS Licensing Requirements? 


Tony,
 
You make a VERY interesting point; I had not heard of this before. It would probably behoove the list's readers, I know it would for me, if anyone can state for sure whether you would have to apply for a license from MS, Verisign, and IBM...it seems this would be a headache for any company that wants to go with WS-Security? As Dims pointed out that WSS4J has not signed anything, are users of the software implementing WS-Security illegally?
 
Anyone have any thoughts, ideas?
 
Thanks,
Sharam

________________________________

From: Tony Opatha [mailto:topatha@yahoo.com]
Sent: Fri 12/3/2004 4:45 PM
To: dims@yahoo.com; axis-user@ws.apache.org; fx-dev@ws.apache.org
Cc: axis-dev@ws.apache.org
Subject: Apache WSS4J's WS Security Implementation - WSS Licensing Requirements? 


Hi, 
 
It seems that WS Security requires licensing arrangements from Microsoft, Verisign,
and IBM based on OASIS WS Security TC IPR statement
 
http://www.oasis-open.org/committees/wss/ipr.php
 
So, can someone please clarify:
 
1) if the users who to develop and deploy AXIS clients (using WS Security APIs 
from Apache WSS4J) will need to first apply for WS Security licensing arrangements 
with the required companies? 
 
2) Related to #1, Apache WSS4J is a public domain software, but is not the underlying 
WS Security requiring any licensing arranagements, or has the Apache worked out
a licensing arrangement already?
 
If the answer is yes, that users of WSS4J require WSS licensing arrangements,
perhaps this should be stated as part of the release notes for WSS4J.
 
Thanks in advance.
 
 
 
 
 
-----Original Message-----
From: Davanum Srinivas [mailto:dims@yahoo.com]
Sent: Friday, March 05, 2004 4:26 AM
To: axis-user@ws.apache.org
Subject: Re: what is the status of axis ws-security implementation?

http://ws.apache.org/ws-fx/wss4j/
--- Maciek Zywno <m....@amg.net.pl> wrote:
> Hello
> 
> I would like to use ws-security standard to secure my webservice. My 
> question is whether I would have to implement ws-security:
> - on my own by using axis handlers that use some external api ?
> - or does axis support ws-security out of the box?
> - or there is some apache ws-security library that easily integrates 
> with axis?
> - maybe you could suggest other solution
> 
> Thanks in advance for any hints!
> 
> Maciek
> 

=====
Davanum Srinivas - http://webservices.apache.org/~dims/

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Re: Apache WSS4J's WS Security Implementation - WSS Licensing Requirements?

Posted by Jongjin Choi <gu...@hotmail.com>.
What about SAML?
I heard that SAML also requires license from RSA.

look 
http://www.rsasecurity.com/solutions/standards/saml/
or 
http://www.rsasecurity.com/node.asp?id=2530

AFAIK, WSS4J uses opensaml.jar.

Dose anybody know that the opensaml guys resolve the license problem?

Thanks.
/Jongjin

----- Original Message ----- 
From: "Sharam Fouladgar-Mercer" <Sh...@appiancorp.com>
To: <ax...@ws.apache.org>; <di...@yahoo.com>; <ax...@ws.apache.org>; <fx...@ws.apache.org>
Cc: <ax...@ws.apache.org>
Sent: Monday, December 06, 2004 1:34 AM
Subject: RE: Apache WSS4J's WS Security Implementation - WSS Licensing Requirements? 


Tony,
 
You make a VERY interesting point; I had not heard of this before. It would probably behoove the list's readers, I know it would for me, if anyone can state for sure whether you would have to apply for a license from MS, Verisign, and IBM...it seems this would be a headache for any company that wants to go with WS-Security? As Dims pointed out that WSS4J has not signed anything, are users of the software implementing WS-Security illegally?
 
Anyone have any thoughts, ideas?
 
Thanks,
Sharam

________________________________

From: Tony Opatha [mailto:topatha@yahoo.com]
Sent: Fri 12/3/2004 4:45 PM
To: dims@yahoo.com; axis-user@ws.apache.org; fx-dev@ws.apache.org
Cc: axis-dev@ws.apache.org
Subject: Apache WSS4J's WS Security Implementation - WSS Licensing Requirements? 


Hi, 
 
It seems that WS Security requires licensing arrangements from Microsoft, Verisign,
and IBM based on OASIS WS Security TC IPR statement
 
http://www.oasis-open.org/committees/wss/ipr.php
 
So, can someone please clarify:
 
1) if the users who to develop and deploy AXIS clients (using WS Security APIs 
from Apache WSS4J) will need to first apply for WS Security licensing arrangements 
with the required companies? 
 
2) Related to #1, Apache WSS4J is a public domain software, but is not the underlying 
WS Security requiring any licensing arranagements, or has the Apache worked out
a licensing arrangement already?
 
If the answer is yes, that users of WSS4J require WSS licensing arrangements,
perhaps this should be stated as part of the release notes for WSS4J.
 
Thanks in advance.
 
 
 
 
 
-----Original Message-----
From: Davanum Srinivas [mailto:dims@yahoo.com]
Sent: Friday, March 05, 2004 4:26 AM
To: axis-user@ws.apache.org
Subject: Re: what is the status of axis ws-security implementation?

http://ws.apache.org/ws-fx/wss4j/
--- Maciek Zywno <m....@amg.net.pl> wrote:
> Hello
> 
> I would like to use ws-security standard to secure my webservice. My 
> question is whether I would have to implement ws-security:
> - on my own by using axis handlers that use some external api ?
> - or does axis support ws-security out of the box?
> - or there is some apache ws-security library that easily integrates 
> with axis?
> - maybe you could suggest other solution
> 
> Thanks in advance for any hints!
> 
> Maciek
> 

=====
Davanum Srinivas - http://webservices.apache.org/~dims/

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com