IETF Logo Mail Archive

Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do with JWT ?

Mike Jones <Michael.Jones@microsoft.com> Fri, 01 March 2013 02:34 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F12021F884F for <oauth@ietfa.amsl.com>; Thu, 28 Feb 2013 18:34:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.587
X-Spam-Level:
X-Spam-Status: No, score=-2.587 tagged_above=-999 required=5 tests=[AWL=0.012, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SIHMlX6DsWya for <oauth@ietfa.amsl.com>; Thu, 28 Feb 2013 18:34:08 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0206.outbound.protection.outlook.com [207.46.163.206]) by ietfa.amsl.com (Postfix) with ESMTP id 4081921F8858 for <oauth@ietf.org>; Thu, 28 Feb 2013 18:34:08 -0800 (PST)
Received: from BY2FFO11FD006.protection.gbl (10.1.15.201) by BY2FFO11HUB039.protection.gbl (10.1.14.122) with Microsoft SMTP Server (TLS) id 15.0.620.12; Fri, 1 Mar 2013 02:34:05 +0000
Received: from TK5EX14MLTC102.redmond.corp.microsoft.com (131.107.125.37) by BY2FFO11FD006.mail.protection.outlook.com (10.1.14.127) with Microsoft SMTP Server (TLS) id 15.0.620.12 via Frontend Transport; Fri, 1 Mar 2013 02:34:05 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.132]) by TK5EX14MLTC102.redmond.corp.microsoft.com ([157.54.79.180]) with mapi id 14.02.0318.003; Fri, 1 Mar 2013 02:33:34 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: prateek mishra <prateek.mishra@oracle.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] Fw: IPR Disclosure: - What to Do with JWT ?
Thread-Index: AQHOFejVUFJvFi9ZK06BAjjJMvlNTZiPy5oAgAAEkoCAAE2soA==
Date: Fri, 01 Mar 2013 02:33:33 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943674C7198@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <1362079266.8952.YahooMailClassic@web141002.mail.bf1.yahoo.com> <512FCDF0.6010807@gmx.net> <512FD1C5.2070100@oracle.com>
In-Reply-To: <512FD1C5.2070100@oracle.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.36]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(164054002)(13464002)(189002)(479174001)(24454001)(199002)(51704002)(377424002)(377454001)(56816002)(76482001)(54356001)(15202345001)(23726001)(47736001)(20776003)(33656001)(54316002)(77982001)(5343655001)(46406002)(44976002)(47976001)(5343635001)(74662001)(4396001)(63696002)(47776003)(55846006)(16406001)(50466001)(79102001)(65816001)(66066001)(50986001)(47446002)(74502001)(46102001)(80022001)(51856001)(53806001)(56776001)(31966008)(49866001)(59766001)(16940595002); DIR:OUT; SFP:; SCL:1; SRVR:BY2FFO11HUB039; H:TK5EX14MLTC102.redmond.corp.microsoft.com; RD:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-OriginatorOrg: microsoft.onmicrosoft.com
X-Forefront-PRVS: 0772E5DAD5
Cc: "oleg@gryb.info" <oleg@gryb.info>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do with JWT ?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Mar 2013 02:34:09 -0000

With the caveat that I have not read the patent disclosures, I will add that if they pertain to Elliptic Curve Cryptography, RFC 6090 is likely relevant - especially http://tools.ietf.org/html/rfc6090#section-7.1 on ECDH and http://tools.ietf.org/html/rfc6090#section-7.2 on ECDSA.

				-- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of prateek mishra
Sent: Thursday, February 28, 2013 1:53 PM
To: Hannes Tschofenig
Cc: oleg@gryb.info; oauth@ietf.org
Subject: Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do with JWT ?

Two points  -

1) I request that this mailing list NOT be used for any substantive discussion of patent claims and so on. This will create difficulties for many participants and I dont believe is within the charter of this effort.

2) I would encourage interested parties to review the following document, which may be relevant to this discussion

http://www.w3.org/2011/xmlsec-pag/

- prateek

> Hi Oleg,
>
> my personal experience with Certicom's IPR disclosures is that they 
> focus on Elliptic Curve Cryptography. There were several IPR 
> disclosures on documents in the JOSE WG and some of them contain ECC 
> algorithms.
>
> The JWT does not list an ECC algorithm but the referenced documents do.
>
> Having said that the two cited IPRs seem to be:
> http://www.google.com/patents/US6704870
> http://www.google.com/patents/US7215773
>
> Take a look at it and make your assessment whether there is anything 
> we can change.
>
> Ciao
> Hannes
>
>
> On 02/28/2013 09:21 PM, Oleg Gryb wrote:
>> Dear OAuth WG and Chairs,
>>
>> Can somebody please comment the Certicom's disclosure below? If the 
>> purpose of this disclosure is to inform us that JWT can be 
>> potentially a subject of royalties and other possible legal actions, 
>> the value of adopting JWT in the scope of OAuth 2.0 IETF standard 
>> would definitely diminish and if this is the case shouldn't we 
>> consider replacing it with something similar, but different, which 
>> would not be a subject of the future possible litigation?
>>
>> I'm not a lawyer and might not understand the statement below 
>> correctly, so please let me know if/where I'm wrong. Please keep in 
>> mind also that the popularity of JWT is growing fast along with the 
>> implementations, so we need to do something quickly.
>>
>> Thanks,
>> Oleg.
>>
>>
>> --- On *Wed, 2/27/13, IETF Secretariat /<ietf-ipr@ietf.org>/* wrote:
>>
>>
>>     From: IETF Secretariat <ietf-ipr@ietf.org>
>>     Subject: [OAUTH-WG] IPR Disclosure: Certicom Corporation's Statement
>>     about IPR related to draft-ietf-oauth-json-web-token-06 (2)
>>     To: mbj@microsoft.com, ve7jtb@ve7jtb.com, n-sakimura@nri.co.jp
>>     Cc: derek@ihtfp.com, oauth@ietf.org, ipr-announce@ietf.org
>>     Date: Wednesday, February 27, 2013, 4:16 PM
>>
>>
>>     Dear Michael Jones, John Bradley, Nat Sakimura:
>>
>>     An IPR disclosure that pertains to your Internet-Draft entitled
>>     "JSON Web Token
>>     (JWT)" (draft-ietf-oauth-json-web-token) was submitted to the IETF
>>     Secretariat
>>     on 2013-02-20 and has been posted on the "IETF Page of Intellectual
>>     Property
>>     Rights Disclosures" (https://datatracker.ietf.org/ipr/1968/). The
>>     title of the
>>     IPR disclosure is "Certicom Corporation's Statement about IPR
>>     related to draft-
>>     ietf-oauth-json-web-token-06 (2)."");
>>
>>     The IETF Secretariat
>>
>>     _______________________________________________
>>     OAuth mailing list
>>     OAuth@ietf.org </mc/compose?to=OAuth@ietf.org>
>>     https://www.ietf.org/mailman/listinfo/oauth
>>
>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email