Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do with JWT ?
prateek mishra <prateek.mishra@oracle.com> Thu, 28 February 2013 21:54 UTC
Return-Path: <prateek.mishra@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F76821F8B83 for <oauth@ietfa.amsl.com>; Thu, 28 Feb 2013 13:54:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.569
X-Spam-Level:
X-Spam-Status: No, score=-6.569 tagged_above=-999 required=5 tests=[AWL=0.030, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UeundtApvkpU for <oauth@ietfa.amsl.com>; Thu, 28 Feb 2013 13:54:14 -0800 (PST)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) by ietfa.amsl.com (Postfix) with ESMTP id 5ED2D21F8B2F for <oauth@ietf.org>; Thu, 28 Feb 2013 13:54:14 -0800 (PST)
Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by userp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id r1SLrEJD019070 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 28 Feb 2013 21:53:15 GMT
Received: from acsmt356.oracle.com (acsmt356.oracle.com [141.146.40.156]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r1SLrDWm019599 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 28 Feb 2013 21:53:14 GMT
Received: from abhmt103.oracle.com (abhmt103.oracle.com [141.146.116.55]) by acsmt356.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id r1SLrDLm009394; Thu, 28 Feb 2013 15:53:13 -0600
Received: from [10.152.55.88] (/10.152.55.88) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 28 Feb 2013 13:53:13 -0800
Message-ID: <512FD1C5.2070100@oracle.com>
Date: Thu, 28 Feb 2013 16:53:09 -0500
From: prateek mishra <prateek.mishra@oracle.com>
Organization: Oracle Corporation
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130107 Thunderbird/17.0.2
MIME-Version: 1.0
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
References: <1362079266.8952.YahooMailClassic@web141002.mail.bf1.yahoo.com> <512FCDF0.6010807@gmx.net>
In-Reply-To: <512FCDF0.6010807@gmx.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
Cc: oleg@gryb.info, oauth@ietf.org
Subject: Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do with JWT ?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Feb 2013 21:54:15 -0000
Two points - 1) I request that this mailing list NOT be used for any substantive discussion of patent claims and so on. This will create difficulties for many participants and I dont believe is within the charter of this effort. 2) I would encourage interested parties to review the following document, which may be relevant to this discussion http://www.w3.org/2011/xmlsec-pag/ - prateek > Hi Oleg, > > my personal experience with Certicom's IPR disclosures is that they > focus on Elliptic Curve Cryptography. There were several IPR > disclosures on documents in the JOSE WG and some of them contain ECC > algorithms. > > The JWT does not list an ECC algorithm but the referenced documents do. > > Having said that the two cited IPRs seem to be: > http://www.google.com/patents/US6704870 > http://www.google.com/patents/US7215773 > > Take a look at it and make your assessment whether there is anything > we can change. > > Ciao > Hannes > > > On 02/28/2013 09:21 PM, Oleg Gryb wrote: >> Dear OAuth WG and Chairs, >> >> Can somebody please comment the Certicom's disclosure below? If the >> purpose of this disclosure is to inform us that JWT can be potentially a >> subject of royalties and other possible legal actions, the value of >> adopting JWT in the scope of OAuth 2.0 IETF standard would definitely >> diminish and if this is the case shouldn't we consider replacing it with >> something similar, but different, which would not be a subject of the >> future possible litigation? >> >> I'm not a lawyer and might not understand the statement below correctly, >> so please let me know if/where I'm wrong. Please keep in mind also that >> the popularity of JWT is growing fast along with the implementations, so >> we need to do something quickly. >> >> Thanks, >> Oleg. >> >> >> --- On *Wed, 2/27/13, IETF Secretariat /<ietf-ipr@ietf.org>/* wrote: >> >> >> From: IETF Secretariat <ietf-ipr@ietf.org> >> Subject: [OAUTH-WG] IPR Disclosure: Certicom Corporation's Statement >> about IPR related to draft-ietf-oauth-json-web-token-06 (2) >> To: mbj@microsoft.com, ve7jtb@ve7jtb.com, n-sakimura@nri.co.jp >> Cc: derek@ihtfp.com, oauth@ietf.org, ipr-announce@ietf.org >> Date: Wednesday, February 27, 2013, 4:16 PM >> >> >> Dear Michael Jones, John Bradley, Nat Sakimura: >> >> An IPR disclosure that pertains to your Internet-Draft entitled >> "JSON Web Token >> (JWT)" (draft-ietf-oauth-json-web-token) was submitted to the IETF >> Secretariat >> on 2013-02-20 and has been posted on the "IETF Page of Intellectual >> Property >> Rights Disclosures" (https://datatracker.ietf.org/ipr/1968/). The >> title of the >> IPR disclosure is "Certicom Corporation's Statement about IPR >> related to draft- >> ietf-oauth-json-web-token-06 (2).""); >> >> The IETF Secretariat >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org </mc/compose?to=OAuth@ietf.org> >> https://www.ietf.org/mailman/listinfo/oauth >> >> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Fw: IPR Disclosure: - What to Do with … Oleg Gryb
- Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do w… Leif Johansson
- Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do w… Hannes Tschofenig
- Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do w… prateek mishra
- Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do w… Hannes Tschofenig
- Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do w… Leif Johansson
- Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do w… Oleg Gryb
- Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do w… Mike Jones
- Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do w… Oleg Gryb
- Re: [OAUTH-WG] the meaning of audience in SAML vs… Mike Jones
- [OAUTH-WG] comment on draft-tschofenig-auth-audie… prateek mishra
- Re: [OAUTH-WG] comment on draft-tschofenig-auth-a… Hannes Tschofenig
- [OAUTH-WG] the meaning of audience in SAML vs. OA… prateek mishra
- Re: [OAUTH-WG] the meaning of audience in SAML vs… Nat Sakimura
- Re: [OAUTH-WG] the meaning of audience in SAML vs… prateek mishra
- Re: [OAUTH-WG] the meaning of audience in SAML vs… Chuck Mortimore
- Re: [OAUTH-WG] the meaning of audience in SAML vs… Igor Faynberg
- Re: [OAUTH-WG] the meaning of audience in SAML vs… prateek mishra
- Re: [OAUTH-WG] the meaning of audience in SAML vs… Nat Sakimura