Content Guard Statement concerning Intellectual Property Rights, submitted to OASIS 13 November 2003

As a result of the recent progress in the TC, and to address any confusion about our intellectual property in general, ContentGuard is making the following IP declaration to the WSS TC.

ContentGuard believes that practicing solely the latest WSS TC Core specification and Token Profile specifications for Username, X.509, Kerberos, SAML, XrML, and XCBF, as of 11/13/03, in and of themselves, does not require a license of the currently issued ContentGuard patents. In addition, practicing solely the latest WSS TC Interop specifications for Interop1, Interop2, SAML, and XrML as of 11/13/03, in and of themselves, does not require a license of the currently issued ContentGuard patents.

ContentGuard is the owner of a broad portfolio of patents that cover inventions around Digital Rights Management systems and applications. There may be systems or applications making use of WSS TC Core, Token Profile, or Interop specifications that do infringe our patents. Any potential infringement is not affected by the use of a particular type of security token.

ContentGuard is committed to the success of this forthcoming standard. In those instances where systems or applications do infringe our issued patents and those systems or applications comply with WSS TC specifications, as standardized by OASIS, ContentGuard will negotiate licenses covering such systems or applications on reasonable and non-discriminatory terms and conditions.

Bruce Gitlin
VP Business Development
bruce.gitlin@contentguard.com
[O] 240-694-1223
[M] 585-317-5002

RSA Security Statement concerning Intellectual Property Rights, submitted to OASIS 2 March 2004

Further information about the availability of licenses from RSA Security with respect to the patents referenced below is available at http://www.rsasecurity.com/node.asp?id=2531

RSA Security Statement concerning Intellectual Property Rights, submitted to OASIS 25 September 2003

RSA Security is the owner of a number of patents dealing with authentication in client / server protocols. RSA Security believes that these patents are relevant to practicing certain operational modes of the OASIS Security Assertion Markup Language ("SAML") specifications including the SAML Browser/Post Profile. A royalty free license was extended to implementers of the SAML specification. The details of this license may be found at:

http://www.oasis-open.org/committees/security/ipr.php

Two of the relevant patents are U.S. Patent Nos. 6,085,320 and 6,189,098 "Client/Server Protocol for Proving Authenticity". The general idea described is where a client obtains a signed authentication assertion from an authority and then passes that signed assertion over an encrypted channel to a verifier (relying party) who, after validating the assertion, accepts it as proof of authentication of that user.

Two additional U.S. patents could also be relevant. These patents, U.S. Patent Nos. 5,922,074 and 6,249,873, both entitled "Method of and Apparatus for Providing Secure Distributed Directory Services and Public Key Infrastructure" were issued to Xcert Software, Inc., which was acquired by RSA Security in 2001. All four patents identified in this letter are covered by the license available to implementers of the SAML specification.

On review, RSA believes that the same four patents may be applicable to the use of signed security tokens such as SAML assertions or XrML licenses within WSS security headers. Our intention is to provide similar notice to OASIS of the applicable patents and to offer a royalty free license to cover WSS implementers under similar license criteria.

The URL for the US Patent and Trademark Office http://www.uspto.gov can be used to look up the appropriate patents by number for anyone interested in the details.

Andrew Nash, RSA Security
Director of Technology
CTO Office
RSA Security
617 470 4778
anash@rsasecurity.com

Microsoft Corporation Statement concerning Intellectual Property Rights, submitted to OASIS 17 January 2003

As called for, this note is to advise OASIS that Microsoft believes it has pending patent application(s) that include claims that are necessary to implement the Web Services Security contribution submitted on June 26, 2002, to the WS-Security Technical Committee ("Contribution"). Microsoft will update this statement if and when such pending patent application(s) issue.

Microsoft is willing to provide licenses to interested parties to any Necessary Claims (as defined in the WS-Security license at http://msdn.microsoft.com/webservices/docs/wss_license.asp) as follows:

If an OASIS Standard incorporating this Contribution is adopted by OASIS pursuant to the WS-Security Technical Committee Charter at the time the Contribution was submitted, Microsoft will grant, for the limited purposes of implementing and complying with the required portions of the resulting OASIS Standard, a ROYALTY-FREE, worldwide, non-sublicenseable, non-transferable, license to any such Necessary Claims to implement the Contribution under reasonable and non-discriminatory terms and conditions, provided a reciprocal patent license is granted to Microsoft and other implementers of the OASIS Standard.

I am not a lawyer so direct any questions regarding this communication to:

Microsoft Standards Group
c/o Dawna Hoerle
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052

John Shewchuk
Microsoft Corporation
johnshew@microsoft.com

IBM, Microsoft and VeriSign Statements concerning Intellectual Property Rights, submitted to OASIS 26 June 2002

In regards to the initial published draft of the WS-Security specification developed by IBM, Microsoft, and VeriSign (each an "Author"). The Authors hereby contribute this draft to the OASIS Web Services Security Technical Committee (WSSTC). In addition to the rights and representations provided for in the OASIS Policy on Intellectual Property Rights, the Authors make the following grants and commitments:

1. Each Author grants permission to OASIS and OASIS members the right to copy, display, perform, modify and distribute the Web Services Security ("WS-Security") draft specification and to authorize others to do the foregoing, in any medium without fee or royalty, for the purpose of further developing the WS-Security specification in the WSSTC as set forth in the draft WSS TC charter.

2. Each Author commits to grant a non sub-licenseable, non-transferable license to third parties, under royalty-free and other reasonable and non-discriminatory terms and conditions, to certain of their respective patent claims that such Author deems necessary to implement required portokions of the WS-Security specification, provided a reciprocal license is granted.

3. DISCLAIMERS:

THE WS-SECURITY SPECIFICATION IS PROVIDED "AS IS," AND THE AUTHORS MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS OF THE WS-SECURITY SPECIFICATION ARE SUITABLE FOR ANY PURPOSE; NOR THAT THE IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. THE AUTHORS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE WS-SECURITY SPECIFICATION OR THE PERFORMANCE OR IMPLEMENTATION OF THE CONTENTS THEREOF. No other rights are granted by implication, estoppel or otherwise.

submitted by:

Michael Weiner
International Business Machines Corporation

Chris Kurt
Microsoft Corporation

Phillip Hallam-Baker
VeriSign, Inc.