[OpenID] The OpenID Patents and foaf prior art disclosures

Sun Sep 30 10:04:18 UTC 2007

I dont think the patent claim I read early on in OpenID research (which I could not find in the last 10 minutes) claimed innovation in the issuing/assigning phase. 

It made claims - as I recall - that URIs applied to identity/certifier discovery and authentication were the leap forward. The patent examiner needs to be fired, else the inventors de-frauded him/her by not supplying complete and obvious prior art.

If you go even today to the IE trust stores for CAs applied to SSL, you will see one that stands out, strangely "URI named". Rather than say "VeriSign Class 3 Trust Network" or something, it declares itself as www.valicert.com. 

The cn attribute in a cert subject/issuer name (in ISO's formal object schema) has semantics defined by its issuer. I defined it as a short-form URI - signalling its URI-ness by convention (the use of the www pattern). It was applied in custom RP software,that leveraged the URI to help with.... discovery of validation servers.I also put the same value in the O(ganization) name, against all Directory conventions - as I wanted the URL to be visible to consumers once rendered by Microsoft tools.

I could have used the ISO-defined name form (URI!) with ISO-defined semantics (ISO committee notes, dated to about 1995)  - but Microsoft didnt support it at the time (2000/2001). If they had, one assumes one could have clicked on the name ,much as one gets today to click on certain certificate extentions that are URLs to policy documents that define the use/reliance terms that govern you when using/relying on the cert. .

The fun part of that cert bearing URI name form for its various security principals is that it passed a formal WebTrust for CAs audit, where there was "no issue" found with the convention - an issue I fully disclosed and report in the 200 page security policy disclosure/documentation set I had to write to satisfy the auditing firm. URIs used as formal naming of security principals, blessed by the AICPA community no less, with a (retained) paper trail as long as your auditor's/accountant's final bill.

________________________________

From: Story Henry [mailto:henry.story at bblfish.net]
Sent: Sun 9/30/2007 2:06 AM
To: Peter Williams
Cc: general at openid.net
Subject: Re: [OpenID] The OpenID Patents and foaf prior art disclosures

You can't patent the idea the a URI be assigned to people.
That is what URIs are: Universal Resource Identifiers. Resources can 
be anything, including people, thoughts, concepts, etc...

So that has been covered by the W3C, the IETF, and the semantic web 
initiative at a general level.

You can "buy" a domain name, and thereby lease URL namespaces, which 
you have control over.

Henry

On 30 Sep 2007, at 08:13, Peter Williams wrote:

> The folks who have disclosed that they are applying for core OpenID 
> patents may want to ensure their applications and/or applications 
> for continuances address the prior art noted in journalistic 
> articles such as http://www.xml.com/pub/a/2004/02/04/foaf.html - 
> which reference teaching on assigning URIs to people.
>
> Ill be going through the foaf-dev archives for 2002-2004, which 
> seemed to be the period where the RDF constructs for FOAF and WOT 
> were being innovated - and the notions of URI assignments to people 
> were being discussed liberally - both for and against. A search of 
> FOAF patents would seem to be in order.
>