Security/identity · 2006-06-15

A promise to you, dear developers

Sun today issued two “non-assertion covenants”, one on the SAML V2.0 standard and one on the Web SSO Interop specs we published jointly with Microsoft last year. I had the pleasure of announcing this in a Burton Catalyst user-centric identity panel a couple of hours ago (and Dick Hardt, up on the panel with me, got a smattering of applause going — cool!). You can find some definitions and context at Sun’s On the Record blog, but the short version is: Developers using these specs need not fear Sun patent attorneys breathing down their necks to squeeze royalties or anything else out of them. No web forms to fill out, no baying at the moon on Thursdays, nothing.

This is fairly similar to RSA Security’s statement made in April. I notice that another statement is now appearing on the SAML group’s IPR page: a non-assertion covenant from Fidelity. Wonderful news! And definitely a trend I’d like to encourage.

UPDATE: I can make no defense to Tag Boy’s point, except to note that English reuses too many darn words. However, I will note that one doesn’t actually need any IP in SAML to make such a statement — you’re just promising that if you ever did/do, and if it’s enforceable, you won’t actually enforce it (under whatever conditions). Try it, you’ll like it!