Hi,

In the OMII-Europe project we have been considering how the proposed TLS-AUTHZ RFC could be used in connection with Grid Mw interoperability. In principle this is a very useful RFC that joins TLS, attribute certificates and SAML in an interesting constellation: TLS-AUTHZ is a way to enable authorization within the TLS protocol that supports both X.509 Attribute Certificates and SAML Assertions, see: <http://www.ietf.org/internet-drafts/draft-housley-tls-authz-extns-07.txt>. (It is implemented in GnuTLS.)

However, there exists a patent license that covers the technology, see: <https://datatracker.ietf.org/public/ipr_detail_show.cgi?&ipr_id=833>. The patent is at http://www.wipo.int/pctdb/en/wo.jsp?wo=2006081085

The patent appears to cover (see claims 14-19) several common operations which use authorization data, including 'purchase orders', 'request a document', 'enter into an agreement', 'receiving electronic funds transmission', 'receiving a voting ballot'.

The patent license (see link above) grants rights to use the patent except for situations where you 1) explicitly reference a 'legal agreement' by a unique key, a name, file system reference, date, checksum etc, or 2) implicitly reference the 'legal agreement' by using the sender identity.

The IETF is currently evaluating whether to publish the protocol as a standard, and they are asking for input to be sent to tls@ietf.org, see <http://article.gmane.org/gmane.ietf.tls/2535>.

One approach would be to publish the document as an informational or experimental document. That would remove some of the IETF 'standard' label of the document. It is still published as an RFC, useful for references and to document the protocol.

How this patent came about can be discussed and clearly there should be plenty of prior art. In fact, the patent can be read as covering a *very* large set of AuthZ applications. Clearly a worry.

In any case, I think it is important that we state that the proposed RFC will not be used due to the patent license and that it should be an experimental or informational document and NOT a standard.

Please post comments to the list <tls@ietf.org> before Monday June 11.

Best Regards,
/F

--
Dr. Fredrik Hedman
Parallelldatorcentrum
Kungl Tekniska Högskolan
S-10044 Stockholm
email: hedman@kth.se
phone: +4687906356
mobile: +46707716356
sip: 6356@kth.se
skype: fredrik_hedman
jabber: hedman@jabbertest.sys.kth.se