Today marks a major milestone for Mike Jones and myself.
Microsoft announced a new initiative that I hope goes a long way towards making life easier for all of us working together on identity cross-industry.
It’s called the Open Specification Promise (OSP). The goal was to find the simplest, clearest way of assuring that the broadest possible audience of developers could implement specifications without worrying about intellectual property issues - in other words a simplified method of sharing “technical assets”. It’s still a legal document, although a very simple one, so adjust your spectacles:
Microsoft Open Specification Promise
Microsoft irrevocably promises not to assert any Microsoft Necessary Claims against you for making, using, selling, offering for sale, importing or distributing any implementation to the extent it conforms to a Covered Specification (“Covered Implementationâ€), subject to the following. This is a personal promise directly from Microsoft to you, and you acknowledge as a condition of benefiting from it that no Microsoft rights are received from suppliers, distributors, or otherwise in connection with this promise. If you file, maintain or voluntarily participate in a patent infringement lawsuit against a Microsoft implementation of such Covered Specification, then this personal promise does not apply with respect to any Covered Implementation of the same Covered Specification made or used by you. To clarify, “Microsoft Necessary Claims†are those claims of Microsoft-owned or Microsoft-controlled patents that are necessary to implement only the required portions of the Covered Specification that are described in detail and not merely referenced in such Specification. “Covered Specifications†are listed below.
This promise is not an assurance either (i) that any of Microsoft’s issued patent claims covers a Covered Implementation or are enforceable or (ii) that a Covered Implementation would not infringe patents or other intellectual property rights of any third party. No other rights except those expressly stated in this promise shall be deemed granted, waived or received by implication, exhaustion, estoppel, or otherwise.
Covered Specifications (the promise applies individually to each of these specifications)
Web Services This promise applies to all existing versions of the following specifications. Many of these specifications are currently undergoing further standardization in certain standards organizations. To the extent that Microsoft is participating in those efforts, and this promise will apply to the specifications that result from those activities (as well as the existing versions).
WS-Addressing
WS-AtomicTransaction
WS-BusinessActivity
WS-Coordination
WS-Discovery
WSDL
WSDL 1.1 Binding Extension for SOAP 1.2
WS-Enumeration
WS-Eventing
WS-Federation
WS-Federation Active Requestor Profile
WS-Federation Passive Requestor Profile
WS-Management
WS-Management Catalog
WS-MetadataExchange
WS-Policy
WS-PolicyAttachment
WS-ReliableMessaging
WS-RM Policy
Remote Shell Web Services Protocol
WS-SecureConversation
WS-Security: Kerberos Binding
WS-Security: SOAP Message Security
WS-Security: UsernameToken Profile
WS-Security: X.509 Certificate Token Profile
WS-SecurityPolicy
SOAP
SOAP 1.1 Binding for MTOM 1.0
SOAP MTOM / XOP
SOAP-over-UDP
WS-Transfer
WS-Trust
WS-I Basic Profile
Web Single Sign-On Interoperability Profile
Web Single Sign-On Metadata Exchange Protocol
Note that you don’t have to “do anything” to benefit from the promise. You don’t need to sign a license or communicate anything to anyone. Just implement. Further, you don’t need to mention or credit Microsoft. And you don’t need to worry about encumbering people who use or redistribute or elaborate on your code - they are covered by the same promise.
The promise is the result of a lot of dialog between our lawyers and many others in the industry. Sometimes we developers wished progress could have been faster, but these are really complicated issues. How long does it take to write code? As long as it takes. And I think the same notion applies to negotiations of this kind - unless one party arrives at the table with some pre-determined and intransigent proposal. People on all sides of this discussion had legitimate concerns, and eventually we worked out ways to mitigate those concerns. I thank everyone for their contribution.
How have people from various communities reacted to the final proposal?
Lawrence Rosen, the lecturer at Stanford and author of, “Open Source Licensing: Software Freedom and Intellectual Property Law”, said:
“I see Microsoft’s introduction of the OSP as a good step by Microsoft to further enable collaboration between software vendors and the open source community. This OSP enables the open source community to implement these standard specifications without having to pay any royalties to Microsoft or sign a license agreement. I’m pleased that this OSP is compatible with free and open source licenses.â€
Mark Webbink, Deputy General Counsel at Red Hat, said:
“Red Hat believes that the text of the OSP gives sufficient flexibility to implement the listed specifications in software licensed under free and open source licenses. We commend Microsoft’s efforts to reach out to representatives from the open source community and solicit their feedback on this text, and Microsoft’s willingness to make modifications in response to our comments.â€
And from RL “Bob” Morgan, Chair of the Middleware Architeture Committee for Education, and a major force behind Shibboleth:
The Microsoft Open Specification Promise is a very positive development.
In the university and open source communities, we need to know that we can implement specifications freely. This promise will make it easier for us to implement Web Services protocols and information cards and for them to be used in our communities.
So there it is folks. I’m impressed that such a short document embodies so much work and progress.
Thank you Kim.
Thank You.
Nice job Mike and Kim. It is short but still a little stacked with legaleze. I will be interested to see how this plays. Who did you have to blow to get Microsoft legal to buy off on this?
[...] I’m sure we’ll learn more as we go. In the meantime, congrats to Kim Cameron et al. for their work on this. Having negotiating these things with Sun lawyers several times in the past, I’ve come to respect the world of IPR declarations as a technology in and of itself, one that’s difficult to master. [...]
[...] The most significant announcement of DIDW was Microsoft’s Open Specification Promise. For years, there’s been an intellectual property cloud hanging over the OASIS specifications that form a large part of what makes Web services work. Unlike other standards bodies, OASIS doesn’t require that technologies built into its specifications be IP-free. [...]
Digital Id World Summary #1…
I’ve been at DIDW 2006, busily preaching I-Names and Equals, our new service for leveraging relationships to control communication on multiple communication channels. It seems to be getting a lot of attention, and I’ll be talking more about it on…
[...] with FOSS community requirements. [00:33] | [computers/open_source] | # | TB | F | G | 0 Comments | You can subscribe to an RSS feed of the comments for thisblog: [...]
[...] The most significant announcement of DIDW was Microsoft’s Open Specification Promise. For years, there’s been an intellectual property cloud hanging over the OASIS specifications that form a large part of what makes Web services work. Unlike other standards bodies, OASIS doesn’t require that technologies built into its specifications be IP-free. [...]
Microsoft Open Specification Promise …
All credit goes to Kim Cameron & Mike Jones for making this a realityÂ…. Lets CELEBRATE !!!
According to Kim:
Note that you donÂ’t have to “do anything” to benefit from the promise. You donÂ’t need to sign a license or communicate anything to a…
[...] Kim Cameron announced that Microsoft are making it possible for anyone to implement Infocard-compatible systems (and other systems the depend on the same protocols), via the Open Specification Promise. [...]
[...] Ben Laurie, a major contibutor to internet security through his work at Apache, and now at Google, is generally positive about OSP but has questions:  “Kim Cameron announced that Microsoft are making it possible for anyone to implement Infocard-compatible systems (and other systems the depend on the same protocols), via the Open Specification Promise. [...]
Security Blankets…
I see David Berlind has been asking for my opinion on Microsoft’s new non-assert covenant . Keeping in mind that (a) Kim didn’t send me an e-mail to tell me about it, let alone an advance review copy like Andy Updegrove , and (b) I have been in …
[...] As has been widely reported, Microsoft announced its Open Specification Promise last week. A lot of folks have already posted about it (see here, here, and here ). But, given the overall importance of the announcement to the identity community, I wanted to make our thoughts on the subject known, and to give credit where it’s due. (Note: This entry is cross posted at both my blog and our new Identity and Privacy Strategies blog.) In summary, Microsoft has decided to offer the Open Specification Promise (OSP) for the Web services protocols that support CardSpace in particular, and the InfoCards architecture in general. The OSP provides an alternative to Microsoft’s “reasonable and non discriminatory/royalty free†(RAND/RF) licensing agreement, which most open source developers didn’t like. As I understand it, the OSP essentially provides an assurance that Microsoft won’t sue anyone implementing the specifications covered by the document. So developers don’t even have to agree to a license; they can implement the covered specifications without fear of being sued. (With certain, mostly comprehensible exceptions.) [...]
[...] So I just wanna shout out to my FRIEND Kim Cameron.  “Wassup homeboy?” [...]
[...] So I just wanna shout out to my FRIEND Kim Cameron.  “Wassup homeboy?†[...]
[...] IP revealed by this photo is part of the Open Specification Promise (OSP).  I checked with our operations people to see if the items in the bin  really are the secret [...]