Russ Housley <housley@xxxxxxxxxxxx> writes: > EXAMPLE > > Clearance may be the easiest one. For simplicity, let's assume that > the client are server already have X.509 identity certificates. > Assume the server is operated by the military, and it includes some > information that its wants to share with the public, perhaps > recruiting data, and information that is available to anyone that has > a clearance. This latter information is released to any client that > presents a valid attribute certificate that is bound to the X.509 > identity certificate used in client authentication and issued by any > of the military branches that demonstrates that the client holds a > clearance. It seems to me that the authorization data passed in this way can be used to "locate" an agreement, i.e., the legally binding document that approve a certain individual for some clearance level. The 1026 patent disclaimer text suggests this mode would be covered by their patent application. So I don't follow how that would be an example of an unencumbered way to use the protocol? However, this is mostly a legal decision, to evaluate the risks to get sued by implementing the technology, so I'll defer until I understand what a lawyer thinks about the new situation. /Simon _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf