IdentityMeme.org

So, unfortunately for a while now, a few companies have asserted that they hold IP (Intellectual Property, typically in the form of issued patents) that applies to various aspects of SAML. RSA Security is one of these companies, and it even went so far as to “require” those implementing SAML to fill-out a license application form and submit it to them. Thankfully, RSA has now decided to abandon this practice and adopt a “defensive suspension” IP posture with respect to SAML. Hopefully, other companies whose SAML patent statements are not (yet) explicitly of the “defensive suspension” form will also adopt this posture. Such asserted patent statements have been a sticking point with various slices of the open source community, and hopefully this revision will help aid SAML adoption in such communities.

I recently co-authored a major rewrite of the so-called “SIP SAML” I-D, crafting it into an actual SAMLv2 profile and binding, now (rather plainly) entitled “SIP SAML Profile and Binding”. Here’s the publication announcement: I-D ACTION:draft-tschofenig-sip-saml-05.txt.

Here is the abstract:

This document specifies a Session Initiation Protocol (SIP) profile of Security Assertion Markup Language (SAML) as well as a SAML SIP binding. The defined SIP SAML Profile composes with the mechanisms defined in the SIP Identity specification and satisfy requirements presented in “Trait-based Authorization Requirements for the Session Initiation Protocol (SIP)”.