OASIS Security Services (SAML) TC
This TC operates under the RF on RAND Mode of the OASIS IPR Policy.
Sun Microsystems irrevocably covenants that, subject solely to the reciprocity requirement described below, it will not seek to enforce any of its enforceable U.S. or foreign patents against that portion of a product that implements the Security Assertion Markup Language (SAML) V2.0 specification or any subsequent version of that specification in whose development Sun participates to the point where Sun would be obligated by the rules of OASIS to grant (or commit to grant) patent licenses or make equivalent non-assertion covenants ("SAML Implementation").
The foregoing covenant shall not apply and Sun makes no assurance, covenant or commitment not to assert or enforce any or all of its patent rights against any individual, corporation or other entity that asserts, threatens or seeks at any time to enforce its own or another party's U.S. or foreign patents or patent rights against any SAML Implementation.
This statement is not an assurance either (i) that any of Sun's issued patents cover a SAML Implementation or are enforceable, or (ii) that a SAML Implementation would not infringe patents or other intellectual property rights of any third party.
No other rights except those expressly stated in this Non-Assertion Covenant shall be deemed granted, waived, or received by implication, or estoppel, or otherwise. Similarly, nothing in this statement is intended to relieve Sun of its obligations, if any, under the applicable rules of OASIS.
SAML Non-Assertion Covenant, submitted by Fidelity Investments, 17 April 2006
In the interest of encouraging deployment of SAML-based technologies, Fidelity (on behalf of itself and its subsidiaries) hereby covenants, free of any royalty, that it will not assert any of its NECESSARY CLAIMS against any other entity with respect to any implementation conforming to the SAML v2.0 OASIS Standard; however, this covenant shall become null and void (including prior use) with respect to any entity that asserts, directly or indirectly (e.g. through an affiliate), any patent claims or threatens any patent infringement suit against Fidelity or its subsidiaries.
Statement regarding IPR, submitted by RSA Security, 27 April 2006
To: OASIS Executive Director
From: Robert P. Nault, Senior Vice President and General Counsel, RSA Security Inc.
Date: April 27, 2006
Subject: Intellectual Property Rights Statement
In previous correspondence dated December 6, 2004, January 20, 2003 and April 22, 2002, RSA Security Inc. ("RSA") disclosed that it is the assignee of U.S. Patent Nos. 6,085,320 and 6,189,098, both entitled "Client/Server Protocol for Proving Authenticity" and U.S. Patent Nos. 5,922,074 and 6,249,873, both entitled "Method of and Apparatus for Providing Secure Distributed Directory Services and Public Key Infrastructure" (collectively, the "RSA Patents"). At that time, RSA believed that these four patents could be relevant to practicing certain operational modes of the OASIS Security Assertion Markup Language ("SAML") specifications. In the correspondence, RSA offered to grant non-exclusive, royalty-free licenses on a non-discriminatory basis for the RSA Patents.
In the interest of encouraging deployment of SAML-based technologies, RSA hereby covenants, free of any royalty, that it will not assert any claims in the RSA Patents which may be essential to the SAML standard v1.0, 1.1 and 2.0 (hereinafter "NECESSARY CLAIMS") against any other entity with respect to any implementation conforming to the SAML standard v1.0, 1.1 and/or 2.0. This covenant shall become null and void with respect to any entity that asserts, either directly or indirectly (e.g. through an affiliate), any patent claims or threatens or initiates any patent infringement suit against RSA and/or its subsidiaries or affiliates. The revocation of the covenant shall extend to all prior use by the entity asserting the claim.
RSA will continue to honor existing license agreements for the RSA Patents and will continue to offer as an option to interested third parties the same licensing arrangement described in our previous correspondence. (The license agreement, along with instructions for obtaining and completing the license, are available on RSA's website www.rsasecurity.com.)
RSA welcomes comments on this statement and looks forward to further collaboration with OASIS.
Statement from Fidelity Investments dated as of December 23, 2004
At this time, FMR Corp and Fidelity Investments (Fidelity), believes it owns a patent that contains claims which may be essential to the SAML v2.0 OASIS Standard (hereinafter NECESSARY CLAIMS). The patent at issue here was previously identified as essential to the Liberty Alliance Version 1.1 Specifications (see: http://www.projectliberty.org/specs/Fidelitytable.php) - which specifications have been substantively incorporated into the SAML v2.0 OASIS Standard.
In the interest of encouraging deployment of SAML-based technologies, Fidelity (on behalf of itself and its subsidiaries) would grant to any other person or legal entity a royalty-free, nonexclusive, nontransferable, license under Fidelity's NECESSARY CLAIMS to implement the SAML v2.0 OASIS Standard, and sell, promote or otherwise distribute the resulting implementation. Such a license would require that those who seek licenses agree to grant reciprocal, royalty-free, non-exclusive, nontransferable licenses under their NECESSARY CLAIMS to Fidelity and its affiliates that are necessary to implement the SAML v2.0 OASIS Standard. In addition, any license granted by Fidelity to a particular party would be retroactively revocable by Fidelity in the event that such party makes, threatens or initiates any legal claim or action against Fidelity and/or its affiliates regarding patent infringement. The revocation extends to all prior use by the particular party of the license grant made by Fidelity.
Patrick Harding
Fidelity Investments
(http://lists.oasis-open.org/archives/security-services/200412/msg00075.html)
Statement from AOL dated as of December 22, 2004
At this time, America Online, Inc. believes it owns certain patents and pending patent applications that contain claims which may be essential to the SAML v2.0 OASIS Standard (hereinafter NECESSARY CLAIMS). The patents and pending applications at issue here were previously identified as essential to the Liberty Alliance Version 1.1 Specifications (see: www.projectliberty.org/specs/AOLtable.php) - which specifications have been substantively incorporated into the SAML v2.0 OASIS Standard.
In the interest of encouraging deployment of SAML-based technologies, America Online, Inc. (on behalf of itself and its subsidiaries) hereby covenants, free of any royalty, that it will not assert any of its NECESSARY CLAIMS against any other entity with respect to any implementation conforming to the SAML v2.0 OASIS Standard, however, this covenant shall become null and void with respect to any entity that asserts, directly or indirectly (e.g. through an affiliate), any patent claims against America Online, Inc.
Conor P. Cahill
America Online, Inc.
(http://lists.oasis-open.org/archives/security-services/200412/msg00074.html)
RSA Intellectual Property Rights Statement of Intent submitted December 9, 2004.
To: OASIS Executive Director
From: Michelle B. Rosenberg, Assistant General Counsel, RSA Security Inc.
Date: December 6, 2004
Subject: IPR Letter of Intent
In previous correspondence dated January 20, 2003 and April 22, 2002, RSA Security Inc. ("RSA") disclosed that it is the assignee of U.S. Patent Nos. 6,085,320 and 6,189,098, both entitled "Client/Server Protocol for Proving Authenticity" and U.S. Patent Nos. 5,922,074 and 6,249,873, both entitled "Method of and Apparatus for Providing Secure Distributed Directory Services and Public Key Infrastructure" (collectively, the "RSA Patents"). At that time, RSA believed that these four patents could be relevant to practicing certain operational modes of the OASIS Security Assertion Markup Language ("SAML") specifications. In the interest of encouraging deployment of SAML-based technologies, RSA offered to grant non-exclusive, royally-free licenses on a non-discriminatory basis for the RSA Patents.
RSA is prepared to continue the licensing arrangements described in our previous correspondence and offer the same licensing terms for the RSA Patents for SAML V2.0. Specifically, under a separate license agreement which is available on RSA's website (along with instructions for obtaining and completing the license), RSA is willing to grant limited, non-exclusive, royalty-free licenses on a nondiscriminatory basis under the RSA Patents to make, use and sell products conforming to the SAML specifications ("Licensed Products"). The terms of this license will require a licensee who can assert patent rights with respect to the SAML specifications to grant to RSA a comparable non-exclusive, royalty-free license to all such patent(s). The reciprocity of the licensing is limited to only that intellectual property required to implement the assertions, protocols, bindings, and profiles defined by the SAML specifications.
The license terms for the RSA Patents will permit end-users to use the Licensed Products. However, in the event that a Licensed Product is a product (such as a toolkit product or operating system service) that is used to develop other products, the license will require the licensee of the RSA Patents to notify users of the Licensed Products that such users must obtain a license directly from RSA for the RSA Patents. RSA is willing to grant such licenses on the same non-exclusive, royalty-free terms described above.
RSA welcomes comments on this proposal and looks forward to further collaboration with OASIS.
Submittal letter from HP, Sun, RSA Security and Nokia dated as of 11 April 2003
To: OASIS Security Services Technical Committee
From: Jason Rouault, HP, Jeff Hodges, Sun, Rob Philpott, RSA Security, Frederick Hirsch, Nokia
As members of the OASIS SSTC, we would like to submit the Liberty Alliance Version 1.1 Specifications and forthcoming Errata Documents (further identified below in [1]) for consideration in preparing future versions of SAML.
The Liberty Alliance Board, which is the steward for Liberty Alliance Final Specifications, has approved a motion to enable further development of the Liberty Alliance Version 1.1 Specifications under the auspices of the SSTC. As these documents are built on SAMLv1, we believe it is in the best interests of the industry to converge these documents and otherwise resolve any issues with future SAML versions.
Copyright in the Liberty Alliance Version 1.1 Specifications is held jointly by the Liberty Alliance member companies identified in the document copyright statements. Our Liberty Alliance Agreements grant, with board approval, copyright licenses needed to prepare derivative works, among other activities, as required by the OASIS IPR Policy, section 3.1(1). We believe that all of the necessary conditions for a proper Contribution as shown in the IPR Policy section 3.1 are met.
In particular, as described in the "Notice" portion of each Liberty V1.1 Specification and Errata Document, the licenses to prepare derivative works are provided to OASIS through our board's action.
Our Liberty Alliance Membership Agreements also provide for Liberty Alliance members to grant patent licenses to all parties under at least fair, reasonable and non-discriminatory terms, if such licenses are required to implement the final Liberty Alliance specifications. Further information on specific disclosures which may have been made by Liberty Alliance members is located on the Liberty Alliance web site and in the actual documents.
Please let us know if there are any concerns or questions about this submission.
Thank you.
Jason, JeffH, Rob, Frederick
[1] Liberty v1.1 Specification Set
Liberty v1.1 Architecture Overview
http://www.projectliberty.org/specs/liberty-architecture-overview-v1.1.pdf
Liberty v1.1 Protocols and Schema Specification
http://www.projectliberty.org/specs/liberty-architecture-protocols-schema-v1.1.pdf
Liberty v1.1 Bindings and Profiles Specification
http://www.projectliberty.org/specs/liberty-architecture-bindings-profiles-v1.1.pdf
Liberty v1.1 Authentication Context Specification
http://www.projectliberty.org/specs/liberty-architecture-authentication-context-v1.1.pdf
Liberty v1.1 Glossary
http://www.projectliberty.org/specs/liberty-architecture-tech-glossary-v1.1.pdf
Liberty v1.1 Architecture Implementation Guidelines
http://www.projectliberty.org/specs/liberty-architecture-implementation-guidelines-v1.1.pdf
Liberty v1.1 Protocol XML Schema Document file
http://www.projectliberty.org/specs/liberty-architecture-protocols-schema-v1.1.xsd
Liberty v1.1 Authentication Context XML Schema Document file
http://www.projectliberty.org/specs/liberty-architecture-authentication-context-v1.1.xsd
DRAFT Liberty 1.1 Errata
DRAFT Liberty 1.1 Errata authentication-context XSD
DRAFT Liberty 1.1 Errata protocols and schema errata XSD
[the above Draft docs will be available early next week. Final versions will be available by TBD -- the schedule
will be discussed with SSTC]
For convenience, a single package of the released documentation is found at:
Liberty v1.1 Complete Specification Set
http://www.projectliberty.org/specs/liberty-specifications-v1.1.zip
Instructions for downloading and executing the license for RSA Intellectual Property Rights can be found on the RSA Security Inc web site at http://www.rsasecurity.com/solutions/standards/saml/.
RSA Intellectual Property Rights Statement of Intent of January 20, 2003 (received by OASIS on 13 February 2003)[This statement of intent supersedes the prior statement, dated 22 April 2002, below.]
To: OASIS Executive Director
From: Margaret K. Seif, Senior Vice President and General Counsel, RSA Security Inc.
Date: January 20, 2003
Subject: IPR Letter of Intent
In previous correspondence dated April 22, 2002 (the "April 22, 2002 Letter"), RSA Security Inc. ("RSA") disclosed that it is the assignee of U.S. Patent Nos. 6,085,320 and 6,189,098, both entitled "Client/Server Protocol for Proving Authenticity". At that time, RSA Security believed that these two patents could be relevant to practicing certain operational modes of the OASIS Security Assertion Markup Language ("SAML") specifications.
RSA believes that two additional U.S. patents could also be relevant to practicing the SAML specifications. These patents, both entitled "Method of and Apparatus for Providing Secure Distributed Directory Services and Public Key Infrastructure" (U.S. Patent Nos. 5,922,074 and 6,249,873) were issued to Xcert Software, Inc., which was acquired by RSA in 2001.
In the interest of encouraging deployment of SAML-based technologies, RSA offered to grant non-exclusive, royalty-free licenses on a non-discriminatory basis for the original two patents in the April 22, 2002 Letter. RSA has decided to offer the same licensing terms for these two additional patents as well as continue the licensing arrangements for the original two patents. Accordingly, this letter supercedes and replaces in all respects the April 22, 2002 Letter.
Under a separate license agreement, which will soon be available on RSA's website (along with instructions for obtaining and completing the license), RSA is willing to grant limited, non-exclusive, royalty-free licenses on a non-discriminatory basis under the four patents (collectively, "the RSA Patents") to make, use and sell products conforming to the SAML specifications ("Licensed Products"). The terms of this license will require a licensee who can assert patent rights with respect to the SAML specifications to grant to RSA a comparable non-exclusive, royalty-free licenses to all such patent(s). The reciprocity of the licensing is limited to only that intellectual property required to implement the assertions, protocols, bindings, and profiles defined by the SAML specifications.
The license terms for the RSA Patents will permit end-users to use the Licensed Products. However, in the event that a Licensed Product is a product (such as a toolkit product or operating system service) that is used to develop other products, the license will require the licensee of the RSA Patents to notify users of the Licensed Products that such users must obtain a license directly from RSA for the RSA Patents. RSA is willing to grant such licenses on the same non-exclusive, royalty-free terms described above.
RSA welcomes comments on this proposal and looks forward to further collaboration with OASIS.
RSA Intellectual Property Rights Statement of Intent of April 22, 2002[This statement of intent was sent to the security-services email distribution list by an RSA representative on 22-Apr-2002. See http://lists.oasis-open.org/archives/security-services/200204/msg00110.html. This statement of intent supersedes the prior statement, submitted 15-Mar-2002, below.]
To: OASIS Executive Director
From: Margaret K. Seif, Senior Vice President and General Counsel, RSA Security Inc.
Date: April 22, 2002
Subject: IPR Letter of Intent
RSA Security Inc. ("RSA") is the assignee of U.S. Patent Nos. 6,085,320 and 6,189,098, both entitled "Client/Server Protocol for Proving Authenticity". RSA believes that these two patents (collectively, "the RSA Patents") may be relevant to practicing certain operational modes of the OASIS Security Assertion Markup Language (SAML) specifications.
In the interest of encouraging deployment of these technologies, RSA is willing to grant non-exclusive, royalty-free licenses on a non-discriminatory basis under the RSA Patents to make, use and sell products conforming to the SAML specifications ("Licensed Products"), under a reciprocal arrangement where licensees agree to grant RSA comparable royalty-free licenses under any patent rights they may assert with respect to the SAML specifications. The reciprocity of the licensing is limited to only that intellectual property required to implement the assertions, protocols, bindings, and profiles defined by the SAML specifications.
The license terms for the RSA Patents will permit end-users to use the Licensed Products. However, in the event that a Licensed Product is a product (such as a toolkit product or operating system service) that is used to develop other products, the licensee of the RSA Patents must require users of the Licensed Products to obtain a license directly from RSA for the RSA Patents. RSA will grant such licenses on the same royalty-free terms described above.
RSA welcomes comments on this proposal and looks forward to further collaboration with OASIS.
RSA Intellectual Property Rights Statement of Intent of 15-Mar-2002[This statement of intent was sent to the security-services email distribution list by an RSA representative on 15-Mar-2002. See http://lists.oasis-open.org/archives/security-services/200203/msg00093.html]
To: OASIS Executive Director \
From: Margaret K. Seif, Senior Vice President and General Counsel, RSA Security Inc.
RSA Security Inc. ("RSA") is the assignee of U.S. Patent Nos. 6,085,320 and 6,189,098, both entitled "Client/Server Protocol for Proving Authenticity". RSA believes that these two patents (collectively, "the RSA Patents") may be relevant to practicing certain operational modes of the OASIS Security Assertion Markup Language (SAML) specification.
In the interest of encouraging deployment of these technologies, RSA is willing to grant non-exclusive, royalty-free licenses under the RSA Patents to make, use and sell products conforming to the SAML specification ("Licensed Products"), under a reciprocal arrangement where licensees agree to grant RSA comparable royalty-free licenses under any patent rights they may assert with respect to the SAML specification.M
The license terms for the RSA Patents will permit end-users to use the Licensed Products. However, in the event that a Licensed Product is a product (such as a toolkit product or operating system service) that is used to develop other products, the licensee of the RSA Patents must require users of the Licensed Products to obtain a license directly from RSA for the RSA Patents. RSA will grant such licenses on the same royalty-free terms described above.
RSA welcomes comments on this proposal and looks forward to further collaboration with OASIS.