> Points to watch
> ----------------
> One active committer is not much... this will be our main point to 
> watch, and see that it gains momentum.

As the committer in question, I more than agree. My focus is and will be
for a while on Shibboleth, so our goal has been to get to a stable state
so that OpenSAML would have a life of its own if the interest is there.

> Blockers?
> -----------
> "Are there IPR-related concerns with SAML (patents held by RSA but 
> offered royalty free)?"
> 
> Can you please elaborate more on this?

I can't elaborate as much as I'd like, but the relevant OASIS pointer is:
http://www.oasis-open.org/committees/security/rsa-ipr-statement-SAML3b-OASIS-2002-04-22.shtml

The particulars in regard to a library like OpenSAML are that both the
distributor of the toolkit (currently Internet2, presumably the ASF in
this context) and any users of the toolkit have to obtain a royalty-free
license.

Past discussions with RSA's OASIS SSTC reps (not their lawyers, I want to
emphasize) are that RSA intends a fax-back type of license.

Recent discussion has not really clarified much, and while I've heard
rumors of more liberal terms (possibly none for toolkits), they are only
rumors to me. RSA has yet to define the precise license or the terms, but
has been urged to do so by the SSTC. Sun is already selling one product,
for example.

Anyway, I'm not a lawyer and I don't play one on TV. And I'm not about to
argue for or against the patent claims (my own opinions notwithstanding).

But certainly the web services (and web services security) space is full
of this stuff, most of it often much less clear than this, so welcome to
the thunderdome.

-- Scott

