Today marks a major milestone for Mike Jones and myself.
Microsoft announced a new initiative that I hope goes a long way towards making life easier for all of us working together on identity cross-industry.
It's called the Open Specification Promise (OSP). The goal was to find the simplest, clearest way of assuring that the broadest possible audience of developers could implement specifications without worrying about intellectual property issues – in other words a simplified method of sharing “technical assets”. It's still a legal document, although a very simple one, so adjust your spectacles:
Microsoft Open Specification Promise
Microsoft irrevocably promises not to assert any Microsoft Necessary Claims against you for making, using, selling, offering for sale, importing or distributing any implementation to the extent it conforms to a Covered Specification (â€œCovered Implementationâ€), subject to the following. This is a personal promise directly from Microsoft to you, and you acknowledge as a condition of benefiting from it that no Microsoft rights are received from suppliers, distributors, or otherwise in connection with this promise. If you file, maintain or voluntarily participate in a patent infringement lawsuit against a Microsoft implementation of such Covered Specification, then this personal promise does not apply with respect to any Covered Implementation of the same Covered Specification made or used by you. To clarify, â€œMicrosoft Necessary Claimsâ€ are those claims of Microsoft-owned or Microsoft-controlled patents that are necessary to implement only the required portions of the Covered Specification that are described in detail and not merely referenced in such Specification. â€œCovered Specificationsâ€ are listed below.
This promise is not an assurance either (i) that any of Microsoftâ€™s issued patent claims covers a Covered Implementation or are enforceable or (ii) that a Covered Implementation would not infringe patents or other intellectual property rights of any third party. No other rights except those expressly stated in this promise shall be deemed granted, waived or received by implication, exhaustion, estoppel, or otherwise.
Covered Specifications (the promise applies individually to each of these specifications)
Web Services This promise applies to all existing versions of the following specifications. Many of these specifications are currently undergoing further standardization in certain standards organizations. To the extent that Microsoft is participating in those efforts, and this promise will apply to the specifications that result from those activities (as well as the existing versions).
WSDL 1.1 Binding Extension for SOAP 1.2
WS-Federation Active Requestor Profile
WS-Federation Passive Requestor Profile
Remote Shell Web Services Protocol
WS-Security: Kerberos Binding
WS-Security: SOAP Message Security
WS-Security: UsernameToken Profile
WS-Security: X.509 Certificate Token Profile
SOAP 1.1 Binding for MTOM 1.0
SOAP MTOM / XOP
WS-I Basic Profile
Web Single Sign-On Interoperability Profile
Web Single Sign-On Metadata Exchange Protocol
Note that you don't have to “do anything” to benefit from the promise. You don't need to sign a license or communicate anything to anyone. Just implement. Further, you don't need to mention or credit Microsoft. And you don't need to worry about encumbering people who use or redistribute or elaborate on your code – they are covered by the same promise.
The promise is the result of a lot of dialog between our lawyers and many others in the industry. Sometimes we developers wished progress could have been faster, but these are really complicated issues. How long does it take to write code? As long as it takes. And I think the same notion applies to negotiations of this kind – unless one party arrives at the table with some pre-determined and intransigent proposal. People on all sides of this discussion had legitimate concerns, and eventually we worked out ways to mitigate those concerns. I thank everyone for their contribution.
How have people from various communities reacted to the final proposal?
Lawrence Rosen, the lecturer at Stanford and author of, “Open Source Licensing: Software Freedom and Intellectual Property Law”, said:
â€œI see Microsoftâ€™s introduction of the OSP as a good step by Microsoft to further enable collaboration between software vendors and the open source community. This OSP enables the open source community to implement these standard specifications without having to pay any royalties to Microsoft or sign a license agreement. I'm pleased that this OSP is compatible with free and open source licenses.â€
Mark Webbink, Deputy General Counsel at Red Hat, said:
â€œRed Hat believes that the text of the OSP gives sufficient flexibility to implement the listed specifications in software licensed under free and open source licenses. We commend Microsoftâ€™s efforts to reach out to representatives from the open source community and solicit their feedback on this text, and Microsoft's willingness to make modifications in response to our comments.â€
And from RL “Bob” Morgan, Chair of the Middleware Architeture Committee for Education, and a major force behind Shibboleth:
The Microsoft Open Specification Promise is a very positive development.
In the university and open source communities, we need to know that we can implement specifications freely. This promise will make it easier for us to implement Web Services protocols and information cards and for them to be used in our communities.
So there it is folks. I'm impressed that such a short document embodies so much work and progress.