Cover Pages Logo SEARCH
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards

RSA Security: Non-Assertion Covenant for SAML

RSA Security Issues Non-Assertion Covenant for SAML-based Technologies

Subject:   A change to the RSA licensing process for SAML implementers
From:      "Philpott, Robert" <>
To:        <>
Date:      Thu, 11 May 2006 19:29:31 -0400

Hi all,

As you all should know, RSA Security's IP declaration for SAML described a licensing process that required downloading a license from the RSA Security web site, getting it signed, and mailing it back to RSA's legal office. I've been working on getting this changed for quite a long time (months) and finally achieved success last week! We have now switched to the common 'defensive suspension' style of licensing, for example like that used by AOL for SAML.

I notified OASIS of the change on 27-April. I've been waiting for them to post the new statement to the SSTC IPR page before announcing it, but since there's been a bit of discussion on IP licensing (mentioning SAML) on the chairs list and over at Liberty, we concluded we should go ahead and update everyone.

The text of the new statement is attached below. As I said, it should be posted to the IPR page very soon (anyone at OASIS listening?)...


Rob Philpott
Senior Consulting Engineer
RSA Security Inc.
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
I-name: =Rob.Philpott

To: OASIS Executive Director
From: Robert P. Nault, Senior Vice President and General Counsel, RSA Security Inc.
Date: April 27, 2006
Subject: Intellectual Property Rights Statement

RSA Intellectual Property Rights Statement

In previous correspondence dated December 6, 2004, January 20, 2003 and April 22, 2002, RSA Security Inc. ("RSA") disclosed that it is the assignee of U.S. Patent Nos. 6,085,320 and 6,189,098, both entitled "Client/Server Protocol for Proving Authenticity" and U.S. Patent Nos. 5,922,074 and 6,249,873, both entitled "Method of and Apparatus for Providing Secure Distributed Directory Services and Public Key Infrastructure" (collectively, the "RSA Patents"). At that time, RSA believed that these four patents could be relevant to practicing certain operational modes of the OASIS Security Assertion Markup Language ("SAML") specifications. In the correspondence, RSA offered to grant non-exclusive, royalty-free licenses on a non-discriminatory basis for the RSA Patents.

In the interest of encouraging deployment of SAML-based technologies, RSA hereby covenants, free of any royalty, that it will not assert any claims in the RSA Patents which may be essential to the SAML standard v1.0, 1.1 and 2.0 (hereinafter "NECESSARY CLAIMS") against any other entity with respect to any implementation conforming to the SAML standard v1.0, 1.1 and/or 2.0. This covenant shall become null and void with respect to any entity that asserts, either directly or indirectly (e.g., through an affiliate), any patent claims or threatens or initiates any patent infringement suit against RSA and/or its subsidiaries or affiliates. The revocation of the covenant shall extend to all prior use by the entity asserting the claim.

RSA will continue to honor existing license agreements for the RSA Patents and will continue to offer as an option to interested third parties the same licensing arrangement described in our previous correspondence. (The license agreement, along with instructions for obtaining and completing the license, are available on RSA's website

RSA welcomes comments on this statement and looks forward to further collaboration with OASIS


Prepared by Robin Cover for The XML Cover Pages archive. See also "Sun Patent Non-Assertion Covenant for OpenDocument Offers Model for Standards." General references in "Security Assertion Markup Language (SAML)."

Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: