TAVERNA-1031: Export restrictions for Taverna Server
diff --git a/README.md b/README.md
index 0476ca9..64a0752 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@
# Apache Taverna Server (incubating)
REST/WSDL web service for executing
-[Apache Taverna](http://taverna.incubator.apache.org/) (incubating)
+[Apache Taverna](https://taverna.incubator.apache.org/) (incubating)
workflows.
@@ -42,7 +42,7 @@
# Contribute
Please subscribe to and contact the
-[dev@taverna](http://taverna.incubator.apache.org/community/lists#dev) mailing list
+[dev@taverna](https://taverna.incubator.apache.org/community/lists#dev) mailing list
for any questions, suggestions and discussions about
Apache Taverna.
@@ -335,3 +335,56 @@
Taverna Server should then become available at
the equivalent of http://localhost:8080/taverna-server/
+
+# Export restrictions
+
+This distribution includes cryptographic software.
+The country in which you currently reside may have restrictions
+on the import, possession, use, and/or re-export to another country,
+of encryption software. BEFORE using any encryption software,
+please check your country's laws, regulations and policies
+concerning the import, possession, or use, and re-export of
+encryption software, to see if this is permitted.
+See <http://www.wassenaar.org/> for more information.
+
+The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS),
+has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1,
+which includes information security software using or performing
+cryptographic functions with asymmetric algorithms.
+The form and manner of this Apache Software Foundation distribution makes
+it eligible for export under the License Exception
+ENC Technology Software Unrestricted (TSU) exception
+(see the BIS Export Administration Regulations, Section 740.13)
+for both object code and source code.
+
+The following provides more details on the included cryptographic software:
+
+* Taverna Server's `CertificateChainFetcher` uses
+ [Java Secure Socket Extension](https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html)
+ (JSS) to pre-fetch certificates of SSL-secured web services accessed by Taverna workflows.
+* Taverna Server's support for propagating username/password credentials in
+ `SecurityContextFactory` relies on
+ [BouncyCastle](https://www.bouncycastle.org/) bcprov encryption library and
+ [Java Cryptography Extension](http://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html)
+ (JCE) to generate a keystore for Taverna Command-line tool.
+ The [JCE Unlimited Strength Jurisdiction Policy](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html)
+ may need to be installed separately.
+* Taverna Server may interact with the credential manager support in
+ [Apache Taverna Command-line Tool](https://taverna.incubator.apache.org/download/commandline/)
+ to provide a keystore of client credentials and trusted certificates for SSL-secured web services.
+* After building, the
+ `taverna-server-webapp/target/taverna-server.war` will include
+ dependencies that are covered
+ by export restrictions, including:
+ [BouncyCastle](https://www.bouncycastle.org/) bcprov encryption library,
+ [Apache HttpComponents](https://hc.apache.org/) Core and Client,
+ [Apache Derby](http://db.apache.org/derby/),
+ [Jetty](http://www.eclipse.org/jetty/),
+ [Apache WSS4J](https://ws.apache.org/wss4j/),
+ [Apache XML Security for Java](https://santuario.apache.org/javaindex.html),
+ [Open SAML Java](https://shibboleth.net/products/opensaml-java.html),
+ [Apache Taverna Language](https://taverna.incubator.apache.org/download/language/),
+ [Apache Taverna OSGi](https://taverna.incubator.apache.org/download/osgi/),
+ [Apache Taverna Engine](https://taverna.incubator.apache.org/download/engine/),
+ [Apache Taverna Common Activities](https://taverna.incubator.apache.org/download/common-activities/),
+ and [Apache Taverna Command-line Tool](https://taverna.incubator.apache.org/download/commandline/).