Mike and Hannes, Thanks. Very useful info that needs to be explored further. I actually like the W3C approach to the similar problem. It's described here: http://www.w3.org/2011/xmlsec-pag/pagreport.html
1. They've created PAG. 2. Contacted the patent holder. 3. Reviewed patent holder's proposal and rejected it as the one that doesn't meet W3C standards. 4. Created recommendations for the standard implementers, which is very important in my view. 5. Announced a decision that the work on the standard should go on. Can we expect this kind of engagement from IETF and OAuth-WG or are we on our own and should do our own research as has been suggested below? --- On Thu, 2/28/13, Mike Jones <[email protected]> wrote: From: Mike Jones <[email protected]> Subject: Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do with JWT ? To: "prateek mishra" <[email protected]>, "Hannes Tschofenig" <[email protected]> Cc: "[email protected]" <[email protected]>, "[email protected]" <[email protected]> Date: Thursday, February 28, 2013, 9:33 PM With the caveat that I have not read the patent disclosures, I will add that if they pertain to Elliptic Curve Cryptography, RFC 6090 is likely relevant - especially http://tools.ietf.org/html/rfc6090#section-7.1 on ECDH and http://tools.ietf.org/html/rfc6090#section-7.2 on ECDSA. -- Mike -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of prateek mishra Sent: Thursday, February 28, 2013 1:53 PM To: Hannes Tschofenig Cc: [email protected]; [email protected] Subject: Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do with JWT ? Two points - 1) I request that this mailing list NOT be used for any substantive discussion of patent claims and so on. This will create difficulties for many participants and I dont believe is within the charter of this effort. 2) I would encourage interested parties to review the following document, which may be relevant to this discussion http://www.w3.org/2011/xmlsec-pag/ - prateek > Hi Oleg, > > my personal experience with Certicom's IPR disclosures is that they > focus on Elliptic Curve Cryptography. There were several IPR > disclosures on documents in the JOSE WG and some of them contain ECC > algorithms. > > The JWT does not list an ECC algorithm but the referenced documents do. > > Having said that the two cited IPRs seem to be: > http://www.google.com/patents/US6704870 > http://www.google.com/patents/US7215773 > > Take a look at it and make your assessment whether there is anything > we can change. > > Ciao > Hannes > > > On 02/28/2013 09:21 PM, Oleg Gryb wrote: >> Dear OAuth WG and Chairs, >> >> Can somebody please comment the Certicom's disclosure below? If the >> purpose of this disclosure is to inform us that JWT can be >> potentially a subject of royalties and other possible legal actions, >> the value of adopting JWT in the scope of OAuth 2.0 IETF standard >> would definitely diminish and if this is the case shouldn't we >> consider replacing it with something similar, but different, which >> would not be a subject of the future possible litigation? >> >> I'm not a lawyer and might not understand the statement below >> correctly, so please let me know if/where I'm wrong. Please keep in >> mind also that the popularity of JWT is growing fast along with the >> implementations, so we need to do something quickly. >> >> Thanks, >> Oleg. >> >> >> --- On *Wed, 2/27/13, IETF Secretariat /<[email protected]>/* wrote: >> >> >> From: IETF Secretariat <[email protected]> >> Subject: [OAUTH-WG] IPR Disclosure: Certicom Corporation's Statement >> about IPR related to draft-ietf-oauth-json-web-token-06 (2) >> To: [email protected], [email protected], [email protected] >> Cc: [email protected], [email protected], [email protected] >> Date: Wednesday, February 27, 2013, 4:16 PM >> >> >> Dear Michael Jones, John Bradley, Nat Sakimura: >> >> An IPR disclosure that pertains to your Internet-Draft entitled >> "JSON Web Token >> (JWT)" (draft-ietf-oauth-json-web-token) was submitted to the IETF >> Secretariat >> on 2013-02-20 and has been posted on the "IETF Page of Intellectual >> Property >> Rights Disclosures" (https://datatracker.ietf.org/ipr/1968/). The >> title of the >> IPR disclosure is "Certicom Corporation's Statement about IPR >> related to draft- >> ietf-oauth-json-web-token-06 (2).""); >> >> The IETF Secretariat >> >> _______________________________________________ >> OAuth mailing list >> [email protected] </mc/[email protected]> >> https://www.ietf.org/mailman/listinfo/oauth >> >> >> >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth >> > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
