[OGSA-AUTHZ] SAML + Attribute Certificates and the TLS-AUTHZ RFC
Fredrik Hedman
hedman at kth.se
Fri Jun 1 08:48:11 CDT 2007
Hi,
In the OMII-Europe project we have been considering how the proposed TLS-AUTHZ RFC could be used in connection with Grid Mw interoperability. In principle this is a very useful RFC that joins TLS, attribute certificates and SAML in an interesting constellation: TLS-AUTHZ is a way to enable authorization within the TLS protocol that supports both X.509 Attribute Certificates and SAML Assertions, see:
<http://www.ietf.org/internet-drafts/draft-housley-tls-authz-extns-07.txt>.

(It is implemented in GnuTLS.) However, there exists a patent license that covers the technology, see:
<https://datatracker.ietf.org/public/ipr_detail_show.cgi?&ipr_id=833>.
The patent is at http://www.wipo.int/pctdb/en/wo.jsp?wo=2006081085

The patent appears to cover (see claims 14-19) several common operations which use authorization data, including 'purchase orders', 'request a document', 'enter into an agreement', 'receiving electronic funds transmission', 'receiving a voting ballot'.

The patent license (see link above) grants rights to use the patent except for situations where you 1) explicitly reference a 'legal agreement' by a unique key, a name, file system reference, date, checksum etc, or 2) implicitly reference the 'legal agreement' by using the sender identity.

The IETF is currently evaluating whether to publish the protocol as a standard, and they are asking for input to be sent to tls at ietf.org, see
<http://article.gmane.org/gmane.ietf.tls/2535>.

One approach would be to publish the document as an informational or experimental document. That would remove some of the IETF 'standard' label of the document. It is still published as an RFC, useful for references and to document the protocol.

How this patent came about can be discussed, and clearly there should be plenty of prior art. In fact, the patent can be read as covering a *very* large set of AuthZ applications. Clearly a worry. In any case, I think it is important that we state that the proposed RFC will not be used due to the patent license and that it should be an experimental or informational document and NOT a standard.
Please post comments to the list <tls at ietf.org> before Monday June 11.
Best Regards,
/F
--
Dr. Fredrik Hedman
Parallelldatorcentrum          email:  hedman at kth.se
Kungl Tekniska Högskolan       phone:  +4687906356
S-10044 Stockholm              mobile: +46707716356
sip: 6356 at kth.se            skype:  fredrik_hedman
jabber: hedman at jabbertest.sys.kth.se
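The protocol point raised in the post above, that TLS-AUTHZ carries both X.509 Attribute Certificates and SAML Assertions inside one TLS handshake structure, as an added example that is not part of Fredrik's message, of the draft, or of GnuTLS: a small Python encoder and a strictly bounds-checked decoder for the AuthorizationData list. The layout (a one-byte AuthzDataFormat tag with code points 0 for x509_attr_cert and 1 for saml_assertion, each entry an opaque<1..2^16-1> vector, the list itself an opaque<1..2^16-1> vector) is reconstructed from memory of the TLS-AUTHZ draft lineage and is an assumption to check against the linked draft; the *_url formats and their URLandHash structure are deliberately left out, and all payload bytes are constructed placeholders, not real certificates or assertions.

```python
"""Encode and decode the TLS-AUTHZ AuthorizationData structure (added example).

Field layout is an assumption reconstructed from the TLS-AUTHZ draft lineage;
verify it against the draft text before relying on it.
"""
import struct

# AuthzDataFormat code points (assumption: recalled from the draft, not on the page).
X509_ATTR_CERT = 0
SAML_ASSERTION = 1
X509_ATTR_CERT_URL = 2
SAML_ASSERTION_URL = 3
INLINE_FORMATS = (X509_ATTR_CERT, SAML_ASSERTION)


def _opaque16(data: bytes) -> bytes:
    """Encode a TLS opaque<1..2^16-1> vector: 2-byte big-endian length + body."""
    if not 1 <= len(data) <= 0xFFFF:
        raise ValueError("opaque<1..2^16-1> length out of range")
    return struct.pack("!H", len(data)) + data


def encode_authorization_data(entries):
    """Build AuthorizationData from (format, payload) pairs.

    Only the two inline formats are handled; the *_url variants carry a
    URLandHash structure that this example leaves out.
    """
    body = bytearray()
    for fmt, payload in entries:
        if fmt not in INLINE_FORMATS:
            raise ValueError(f"format {fmt} not supported by this example")
        body.append(fmt)              # AuthzDataFormat, one byte
        body += _opaque16(payload)    # X509AttrCert / SAMLAssertion opaque vector
    return _opaque16(bytes(body))     # authz_data_list<1..2^16-1>


def decode_authorization_data(blob: bytes):
    """Parse AuthorizationData received from a peer with strict bounds checks.

    Every length is validated against the enclosing vector before use, so a
    truncated or overlong field raises ValueError instead of being read past
    the end of the buffer or silently truncated.
    """
    if len(blob) < 2:
        raise ValueError("truncated authz_data_list length")
    (list_len,) = struct.unpack("!H", blob[:2])
    if list_len == 0 or 2 + list_len != len(blob):
        raise ValueError("authz_data_list length disagrees with buffer size")
    pos, end, entries = 2, 2 + list_len, []
    while pos < end:
        fmt = blob[pos]
        pos += 1
        if fmt not in INLINE_FORMATS:
            raise ValueError(f"unsupported or unknown AuthzDataFormat {fmt}")
        if pos + 2 > end:
            raise ValueError("truncated entry length")
        (n,) = struct.unpack("!H", blob[pos:pos + 2])
        pos += 2
        if n == 0 or pos + n > end:
            raise ValueError("entry length runs past authz_data_list")
        entries.append((fmt, bytes(blob[pos:pos + n])))
        pos += n
    return entries


# Constructed placeholder payloads (not a real DER certificate or SAML document).
SAMPLE_AC = b"\x30\x03\x02\x01\x01"        # stands in for a DER-encoded attribute certificate
SAMPLE_SAML = b"<saml:Assertion/>"        # stands in for a SAML assertion


def round_trip_example():
    """Encode one AC and one SAML assertion in a single list and parse it back."""
    wire = encode_authorization_data([(X509_ATTR_CERT, SAMPLE_AC),
                                      (SAML_ASSERTION, SAMPLE_SAML)])
    return wire, decode_authorization_data(wire)


def rejects_malformed(wire: bytes) -> bool:
    """True if the decoder refuses the given blob (exercises the bounds logic)."""
    try:
        decode_authorization_data(wire)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    wire, parsed = round_trip_example()
    print(wire.hex())
    print(parsed)
```

The decoder treats the list as untrusted handshake input: each inner length is checked against the end of the outer vector before any slice is taken, an unknown format code is rejected rather than skipped, and a buffer whose outer length does not match its size is refused outright. A deployment would then hand the extracted attribute certificate or assertion to a proper DER or XML validator; this example stops at the framing layer.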