New versions of docs uploaded
Hi All,

In preparation for our telecon next Thursday I have uploaded new versions of two of our deliverables, namely "Functional Components of Grid Service Provider Authorisation Service Middleware", available at http://forge.gridforum.org/sf/go/doc14564?nav=1, and "Use of XACML Request Context to Obtain an Authorisation Decision", available from http://forge.gridforum.org/sf/go/doc14565?nav=1. Discussing these will be items on the telecon agenda. I hope to have an updated version of our third document prepared as well in time for the telecon.

regards

David

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
Hi,

In the OMII-Europe project we have been considering how the proposed TLS-AUTHZ RFC could be used in connection with Grid Mw interoperability. In principle this is a very useful RFC that joins TLS, attribute certificates and SAML in an interesting constellation: TLS-AUTHZ is a way to enable authorization within the TLS protocol that supports both X.509 Attribute Certificates and SAML Assertions, see: <http://www.ietf.org/internet-drafts/draft-housley-tls-authz-extns-07.txt>. (It is implemented in GnuTLS.)

However, there exists a patent license that covers the technology, see: <https://datatracker.ietf.org/public/ipr_detail_show.cgi?&ipr_id=833>. The patent is at http://www.wipo.int/pctdb/en/wo.jsp?wo=2006081085

The patent appears to cover (see claims 14-19) several common operations which use authorization data, including 'purchase orders', 'request a document', 'enter into an agreement', 'receiving electronic funds transmission', 'receiving a voting ballot'. The patent license (see link above) grants rights to use the patent except for situations where you 1) explicitly reference a 'legal agreement' by a unique key, a name, file system reference, date, checksum etc, or 2) implicitly reference the 'legal agreement' by using the sender identity.

The IETF is currently evaluating whether to publish the protocol as a standard, and they are asking for input to be sent to tls@ietf.org, see <http://article.gmane.org/gmane.ietf.tls/2535>. One approach would be to publish the document as an informational or experimental document. That would remove some of the IETF 'standard' label of the document. It is still published as an RFC, useful for references and to document the protocol.

How this patent came about can be discussed and clearly there should be plenty of prior art. In fact, the patent can be read as covering a *very* large set of AuthZ applications. Clearly a worry.

In any case, I think it is important that we state that the proposed RFC will not be used due to the patent license and that it should be an experimental or informational document and NOT a standard. Please post comments to the list <tls@ietf.org> before Monday June 11.

Best Regards,
/F

--
Dr. Fredrik Hedman
Parallelldatorcentrum
Kungl Tekniska Högskolan
S-10044 Stockholm
email: hedman@kth.se
phone: +4687906356
mobile: +46707716356
sip: 6356@kth.se
skype: fredrik_hedman
jabber: hedman@jabbertest.sys.kth.se