[OGSA-AUTHZ] SAML + Attribute Certificates and the TLS-AUTHZ RFC

Fredrik Hedman hedman at kth.se
Fri Jun 1 08:48:11 CDT 2007


Hi,

In the OMII-Europe project we have been considering how the proposed TLS-AUTHZ RFC
could be used in connection with Grid Mw interoperability.  In principle this is a very
useful RFC that joins TLS, attribute certificates and SAML in an interesting
constellation: TLS-AUTHZ is a way to enable authorization within the TLS protocol
that supports both X.509 Attribute Certificates and SAML Assertions, see:
<http://www.ietf.org/internet-drafts/draft-housley-tls-authz-extns-07.txt>.
(It is implemented in GnuTLS.) However, there exists a patent license that covers
the technology, see:
<https://datatracker.ietf.org/public/ipr_detail_show.cgi?&ipr_id=833>.
The patent is at http://www.wipo.int/pctdb/en/wo.jsp?wo=2006081085

The patent appears to cover (see claims 14-19) several common operations
which use authorization data, including 'purchase orders', 'request a
document', 'enter into an agreement', 'receiving electronic funds
transmission', 'receiving a voting ballot'.

The patent license (see link above) grants rights to use the patent
except for situations where you 1) explicitly reference a 'legal
agreement' by a unique key, a name, file system reference, date,
checksum etc, or 2) implicitly reference the 'legal agreement' by using
the sender identity.

The IETF is currently evaluating whether to publish the protocol as a
standard, and they are asking for input to be sent to tls at ietf.org, see
<http://article.gmane.org/gmane.ietf.tls/2535>.

One approach would be to publish the document as an informational or
experimental document.  That would remove some of the IETF 'standard'
label of the document.  It is still published as an RFC, useful for
references and to document the protocol.

How this patent came about can be discussed, and clearly there should be plenty
of prior art.  In fact, the patent can be read as covering a *very* large set of
AuthZ applications.  Clearly a worry.  In any case, I think it is important that
we state that the proposed RFC will not be used due to the patent license and
that it should be an experimental or informational document and NOT a standard.

Please post comments to the list <tls at ietf.org> before Monday June 11.

Best Regards,
/F
--
Dr. Fredrik Hedman

Parallelldatorcentrum			email: hedman at kth.se
Kungl Tekniska Högskolan	phone: +4687906356
S-10044 Stockholm			mobile: +46707716356

sip: 6356 at kth.se		         	skype: fredrik_hedman
jabber: hedman at jabbertest.sys.kth.se

