RSA Security invites contributions to the One-Time Password Specifications, whether proposals for enhancements to existing OTPS documents ("proposed amendments") or suggestions for new OTPS documents ("proposed specifications"). In the interest of ensuring continued openness of the OTPS process and access to the OTPS documents, RSA Security has established the following requirements for OTPS contributions.
Only formal contributions are intended to be subject to these requirements. Mailing list discussions, comments on draft documents, and other informal input to the OTPS process continue to be welcomed in their present form, though RSA Security may seek to formalize any patent or copyright issues that may arise.
1. A Contribution shall consist of the following items:
- Title. A short, descriptive title of the Contribution.
- Classification. "Proposed Specification" or "Proposed Amendment" (identify existing OTPS document).
- Contributor. Name of organization(s) or individual(s) offering the Contribution. Include contact information.
- Date / Version of the contribution, to distinguish revisions.
- Abstract. A short, non-technical summary of the Contribution.
- Description. Sufficient detail should be given to enable others to assess the Contribution, and to enable a OTPS document to be revised or drafted to include the Contribution. In some cases, the description may consist of proposed revisions to an existing OTPS document, section by section.
- Discussion, covering the benefits of the Contribution, compared to existing OTPS documents and other Contributions, as well as any disadvantages.
- Intellectual Property Issues. See below.
2. The "Intellectual Property Issues" section shall include the following text:
Contributor hereby submits this Contribution to RSA Security for possible consideration in RSA Security' One-Time Password Specifications (OTPS) and agrees to the guidelines for OTPS contributions in effect at the time this Contribution is submitted.
Contributor also hereby grants RSA Security license to make derivative works of this Contribution for the purpose of the OTPS process including submissions of OTPS results to other forums. Contributor represents that it has authority to grant such license.
3. The "Intellectual Property Issues" section shall also include text identifying any patents, patent applications, trademarks or trademark applications owned by or exclusively licensed to Contributor that may apply to the Contribution. The following is a (fictitious) example:
"RSA Security Inc. makes no patent claims on the general constructions described in this document, although specific underlying techniques may be covered. Among the underlying techniques, the X algorithm (Appendix Y) is protected by U.S. Patent Z.
"X is a trademark of RSA Security Inc.
"RSA Security Inc. makes no representations regarding intellectual property claims by other parties. Such determination is the responsibility of the user."
4. The "Intellectual Property Issues" section shall also include text stating the Contributor's intent for licensing its patents and trademarks (existing and future) that may apply to the contribution. The text may take one of the following forms (following the practice of IEEE Standards):
a) A general disclaimer to the effect that the Contributor will not enforce any of its present or future patent(s) or trademarks whose use would be required to implement the Contribution or portions thereof if incorporated in OTPS documents.
b) A statement that a license will be made available to all applicants without compensation.
c) A statement that a license will be made available to all applicants under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination.
Forms a) and b) are preferred, particularly for Contributions offered as fundamental components of a OTPS document. RSA Security may request formal, written confirmation from Contributor of its licensing policy.
5. A Contributor shall promptly notify RSA Security of any changes in patent or trademark coverage or licensing policy.
6. RSA Security may solicit additional input from other parties on potential patent and trademark coverage on a Contribution, OTPS document or draft. Similarly, a Contributor may include information about other parties' potential patent and trademark coverage in a Contribution. However, RSA Security does not warrant the correctness or completeness of such information, and does not require a Contributor to so warrant.
7. RSA Security may reject a Contribution not meeting these requirements, and shall have sole decision-making authority on whether to include a Contribution or portions thereof in OTPS documents or drafts. As with previous OTPS documents, however, RSA Security will rely on the review and advice of the worldwide community of security researchers and developers in its decision-making, and welcomes the community's input throughout the OTPS process.
Please address contributions to:
RSA Security Inc.
174 Middlesex Turnpike
Bedford, MA 01730