Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do with JWT ?

Oleg Gryb <oleg_gryb@yahoo.com> Fri, 01 March 2013 04:15 UTC

Date: Thu, 28 Feb 2013 20:15:54 -0800
From: Oleg Gryb <oleg_gryb@yahoo.com>
To: prateek mishra <prateek.mishra@oracle.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, Mike Jones <Michael.Jones@microsoft.com>
Cc: "oleg@gryb.info" <oleg@gryb.info>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do with JWT ?

Mike and Hannes,

Thanks. Very useful info that needs to be explored further. I actually like the W3C approach to a similar problem. It's described here: http://www.w3.org/2011/xmlsec-pag/pagreport.html

1. They've created PAG.
2. Contacted the patent holder. 
3. Reviewed patent holder's proposal and rejected it as the one that doesn't meet W3C standards.
4. Created recommendations for the standard implementers, which is very important in my view.
5. Announced a decision that the work on the standard should go on.

Can we expect this kind of engagement from IETF and OAuth-WG or are we on our own and should do our own research as has been suggested below?



--- On Thu, 2/28/13, Mike Jones <Michael.Jones@microsoft.com> wrote:

From: Mike Jones <Michael.Jones@microsoft.com>
Subject: Re: [OAUTH-WG] Fw:  IPR Disclosure: - What to Do with JWT ?
To: "prateek mishra" <prateek.mishra@oracle.com>, "Hannes Tschofenig" <hannes.tschofenig@gmx.net>
Cc: "oleg@gryb.info" <oleg@gryb.info>, "oauth@ietf.org" <oauth@ietf.org>
Date: Thursday, February 28, 2013, 9:33 PM

With the caveat that I have not read the patent disclosures, I will add that if they pertain to Elliptic Curve Cryptography, RFC 6090 is likely relevant - especially http://tools.ietf.org/html/rfc6090#section-7.1 on ECDH and http://tools.ietf.org/html/rfc6090#section-7.2 on ECDSA.

                -- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of prateek mishra
Sent: Thursday, February 28, 2013 1:53 PM
To: Hannes Tschofenig
Cc: oleg@gryb.info; oauth@ietf.org
Subject: Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do with JWT ?

Two points  -

1) I request that this mailing list NOT be used for any substantive discussion of patent claims and so on. This will create difficulties for many participants and I don't believe it is within the charter of this effort.

2) I would encourage interested parties to review the following document, which may be relevant to this discussion

http://www.w3.org/2011/xmlsec-pag/

- prateek

> Hi Oleg,
>
> my personal experience with Certicom's IPR disclosures is that they 
> focus on Elliptic Curve Cryptography. There were several IPR 
> disclosures on documents in the JOSE WG and some of them contain ECC 
> algorithms.
>
> The JWT does not list an ECC algorithm but the referenced documents do.
>
> Having said that the two cited IPRs seem to be:
> http://www.google.com/patents/US6704870
> http://www.google.com/patents/US7215773
>
> Take a look at it and make your assessment whether there is anything 
> we can change.
>
> Ciao
> Hannes
>
>
> On 02/28/2013 09:21 PM, Oleg Gryb wrote:
>> Dear OAuth WG and Chairs,
>>
>> Can somebody please comment on Certicom's disclosure below? If the 
>> purpose of this disclosure is to inform us that JWT can be 
>> potentially a subject of royalties and other possible legal actions, 
>> the value of adopting JWT in the scope of OAuth 2.0 IETF standard 
>> would definitely diminish and if this is the case shouldn't we 
>> consider replacing it with something similar, but different, which 
>> would not be a subject of the future possible litigation?
>>
>> I'm not a lawyer and might not understand the statement below 
>> correctly, so please let me know if/where I'm wrong. Please keep in 
>> mind also that the popularity of JWT is growing fast along with the 
>> implementations, so we need to do something quickly.
>>
>> Thanks,
>> Oleg.
>>
>>
>> --- On Wed, 2/27/13, IETF Secretariat <ietf-ipr@ietf.org> wrote:
>>
>>
>>     From: IETF Secretariat <ietf-ipr@ietf.org>
>>     Subject: [OAUTH-WG] IPR Disclosure: Certicom Corporation's Statement
>>     about IPR related to draft-ietf-oauth-json-web-token-06 (2)
>>     To: mbj@microsoft.com, ve7jtb@ve7jtb.com, n-sakimura@nri.co.jp
>>     Cc: derek@ihtfp.com, oauth@ietf.org, ipr-announce@ietf.org
>>     Date: Wednesday, February 27, 2013, 4:16 PM
>>
>>
>>     Dear Michael Jones, John Bradley, Nat Sakimura:
>>
>>     An IPR disclosure that pertains to your Internet-Draft entitled
>>     "JSON Web Token (JWT)" (draft-ietf-oauth-json-web-token) was
>>     submitted to the IETF Secretariat on 2013-02-20 and has been posted
>>     on the "IETF Page of Intellectual Property Rights Disclosures"
>>     (https://datatracker.ietf.org/ipr/1968/). The title of the IPR
>>     disclosure is "Certicom Corporation's Statement about IPR related to
>>     draft-ietf-oauth-json-web-token-06 (2)."
>>
>>     The IETF Secretariat
>>
>>     _______________________________________________
>>     OAuth mailing list
>>     OAuth@ietf.org
>>     https://www.ietf.org/mailman/listinfo/oauth