Re: [KAML] Re: Chicago bar-BOF summary

Gerald Beuchelt <> Thu, 13 September 2007 20:55 UTC

Date: Thu, 13 Sep 2007 16:55:55 -0400
From: Gerald Beuchelt <>
Subject: Re: [KAML] Re: Chicago bar-BOF summary
To: "Henry B. Hotz" <>
Organization: Sun Microsystems, Inc.

It is my understanding (and I am also no lawyer!) that the article by 
John Brezak carries a patent license regarding the actual content of the 
document itself.

Now, this document specifies the PAC for Windows 2000, with the 
exception of 18 reserved fields. What it also does not specify is any 
PAC changes in XP, 2003, Vista, or 2008. It also does not specify any 
backend infrastructure (e.g. discovery or resolution services, policy 
tools, or data storage, etc.) that might or might not be covered by 
patents or other intellectual property rights. Also, some of the default 
SIDs in the Windows implementation that are required for evaluating 
group membership (e.g. EVERYONE, etc.) are also not included in this 

In addition, I do seem to remember that Microsoft at some time offered a 
complete description (purportedly including the 18 reserved fields) of 
the PAC that came with a license explicitly prohibiting implementation. 
Since I did not touch this document, I cannot speak to its actual content.
So, as I am not a lawyer, I am quite paranoid when it comes to other 
people's IPR and license terms. Therefore I am just cautioning the use 
of these specifications, since they are (i) old (Windows 2000), (ii) not 
peer-reviewed, and (iii) not published by an established standards 
organization with a clear IPR regime.

Sorry to be such a pain, but if the majority of this group is intent on 
pursuing the NT PAC path, I would suggest that someone approaches 
Microsoft to get clarification about the status of the spec.



Henry B. Hotz wrote:
> On Sep 13, 2007, at 12:32 PM, Gerald Beuchelt wrote:
>> However, note that there is no patent covenant or even simple 
>> licensing terms for the backend infrastructure, so while implementing 
>> these data structures might be covered (to the extent that they are 
>> documented here), the necessary backend infrastructure might require 
>> additional licensing and royalties.
> I'm not sure what you mean.  Can you give an example of something that 
> might require a license?  In my mind (I'm not a lawyer) an 
> implementation is either independent, or not.  Since Microsoft doesn't 
> publish actual code for any of this, an implementation is either 
> pirated from unpublished code, or it's independent, isn't it?
> ------------------------------------------------------------------------
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.