{"id":592,"date":"2006-09-25T12:01:24","date_gmt":"2006-09-25T20:01:24","guid":{"rendered":"\/?p=592"},"modified":"2006-09-25T12:54:48","modified_gmt":"2006-09-25T20:54:48","slug":"jamie-lewis-on-open-specification-promise","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=592","title":{"rendered":"Jamie Lewis on Open Specification Promise"},"content":{"rendered":"<p>The <a href=\"http:\/\/www.burtongroupblogs.com\/jamielewis\/\" class=\"broken_link\">Burton Group&#39;s<\/a> CEO, Jamie Lewis, <a href=\"http:\/\/www.burtongroupblogs.com\/jamielewis\/2006\/09\/microsofts_open.html\" class=\"broken_link\">discusses <\/a>the OSP and what it means for the identity community:&nbsp;<\/p>\n<blockquote><p>As has been widely reported, Microsoft announced its <a href=\"http:\/\/www.microsoft.com\/interop\/osp\/default.mspx\" class=\"broken_link\"><font color=\"#5891d1\">Open Specification Promise<\/font><\/a> last week. A lot of folks have already posted about it (see <a href=\"\/?p=574\"><font color=\"#5891d1\">here<\/font><\/a>, <a href=\"http:\/\/confusedofcalcutta.com\/2006\/09\/13\/improving-my-vision-some-views-on-microsofts-open-specification-promise\/\"><font color=\"#5891d1\">here<\/font><\/a>, and <a href=\"http:\/\/www.itgarage.com\/node\/783\"><font color=\"#5891d1\">here<\/font><\/a><a href=\"http:\/\/dw.com.com\/redir?destUrl=http%3A%2F%2Fwww.microsoft.com%2Finterop%2Fosp%2Fdefault.mspx&#038;siteId=3&#038;oId=2100-7344-6115914&#038;ontId=1001&#038;lop=nl.ex\"><font color=\"#5891d1\"> <\/font><\/a>). But, given the overall importance of the announcement to the identity community, I wanted to make our thoughts on the subject known, and to give credit where it\u00e2\u20ac\u2122s due. (Note: This entry is cross posted at both my blog and our new <a href=\"http:\/\/identityblog.burtongroup.com\/\" class=\"broken_link\"><font color=\"#5891d1\">Identity and Privacy Strategies blog<\/font><\/a>.)<br \/>\nIn summary, Microsoft has decided to offer the Open Specification Promise (OSP) for the Web services protocols that support CardSpace in particular, and the InfoCards architecture in general. The OSP provides an alternative to Microsoft\u00e2\u20ac\u2122s \u00e2\u20ac\u0153reasonable and non discriminatory\/royalty free\u00e2\u20ac\u009d (RAND\/RF) <a href=\"http:\/\/download.microsoft.com\/download\/8\/e\/5\/8e59dce6-2b27-4fc3-bd00-0531c5514ae3\/WSS_License-Agreement.pdf\" class=\"broken_link\"><font color=\"#5891d1\">licensing agreement<\/font><\/a>, which most open source developers didn\u00e2\u20ac\u2122t like. As I understand it, the OSP essentially provides an assurance that Microsoft won\u00e2\u20ac\u2122t sue anyone implementing the specifications covered by the document. So developers don\u00e2\u20ac\u2122t even have to agree to a license; they can implement the covered specifications without fear of being sued. (With certain, mostly comprehensible exceptions.)<\/p>\n<p>Before I comment on the OSP, however, let me first provide the disclaimer almost every technologist I talk with about licensing issues gives me: I\u00e2\u20ac\u2122m not a lawyer, and so my comments should in no way be construed as having legal weight. (If you\u00e2\u20ac\u2122d like to see an analysis of the OSP document from a legal perspective, see Andy Updegrove\u00e2\u20ac\u2122s <a href=\"http:\/\/www.consortiuminfo.org\/standardsblog\/article.php?story=20060912140103877\" class=\"broken_link\"><font color=\"#5891d1\">excellent post<\/font><\/a> from last week.) But Microsoft\u00e2\u20ac\u2122s announcement has more than legal ramifications. Microsoft\u00e2\u20ac\u2122s move could have a significant impact on the market, and that\u00e2\u20ac\u2122s where we come in.<\/p>\n<p>In short, the OSP is a significant, positive step forward for both Microsoft and the community working to create a better identity infrastructure for the Internet. The people who have been tirelessly advocating the move within Microsoft deserve an enormous amount of credit for making it happen. (<a href=\"https:\/\/www.identityblog.com\/\"><font color=\"#5891d1\">Kim Cameron<\/font><\/a> deserves some special recognition at this point in what has been a long process.) At this, point, one of the most significant obstacles to widespread development around the InfoCard architecture has been removed, and that\u00e2\u20ac\u2122s good news for everyone involved.<\/p>\n<p><strong>Some Background<\/strong><\/p>\n<p>I\u00e2\u20ac\u2122ve been following the InfoCard effort for a long time with a great deal of interest, primarily because I\u00e2\u20ac\u2122ve always thought it was a great idea. But I also had some concerns about how it would be received in the market, at least early on. Circa 2002, it was fair to say that, given Microsoft\u00e2\u20ac\u2122s history, any idea the company put forward for addressing the identity problem\u00e2\u20ac\u201dregardless of its merit\u00e2\u20ac\u201dwould likely meet large amounts of skepticism and, at least in some cases, outright resistance from many market players.<\/p>\n<p>From the first time he ever spoke with me about the functionality we now know as CardSpace, for example, Kim has been consistently insistent about the need for and importance of cross-platform support. I certainly agree that a consistent user experience\u00e2\u20ac\u201dregardless of the operating system and device a person chooses to use\u00e2\u20ac\u201dis profoundly important to addressing the identity problem. But I\u00e2\u20ac\u2122ll have to admit that I wondered many times if Microsoft would really let Kim do what he thought needed to be done. And as I talked with other folks about InfoCard as the concept began to take shape, I heard more than a few people express varying degrees of skepticism about Microsoft\u00e2\u20ac\u2122s true intentions or Kim\u00e2\u20ac\u2122s ability to convince the powers that be to move in a more open direction.<\/p>\n<p>But by decidedly atypical and relentless means, Microsoft has done a great deal of what seemed nearly impossible only a few years ago, overcoming the skepticism and building good will. Consequently, there is a palpable and sincere desire on the part of a lot of people to implement the InfoCard technologies. And three or four years ago, many of these people wouldn\u00e2\u20ac\u2122t have even considered working with Microsoft on a beer run, much less an identity system.<\/p>\n<p>Still, licensing was a huge obstacle to seeing that good will and intention translated into demonstrable action and working code. With only a few exceptions, everyone I talked to over the last six months or so\u00e2\u20ac\u201dfrom open source developers to commercial software companies\u00e2\u20ac\u201dindicated that until the licensing issue had been put to bed, they really couldn\u00e2\u20ac\u2122t (or wouldn\u00e2\u20ac\u2122t) build anything. And they had a point. Were I in their shoes, I would insist on clear licensing terms as well.<\/p>\n<p><strong>Enter the OSP<\/strong><\/p>\n<p>With the OSP, then, Microsoft has taken what is for it a bold step, removing one of the most significant obstacles to widespread InfoCard development. The OSP makes it clear that Microsoft isn\u00e2\u20ac\u2122t laying some elaborate and sinister trap for everyone, that it truly is offering something of significant value to the industry and a huge opportunity to developers looking to build better identity management systems.<\/p>\n<p>Yes, there are still some details to work out (I\u00e2\u20ac\u2122ll get to those in a moment). And yes, neither CardSpace nor InfoCard\u00e2\u20ac\u2122s supporting system are slam dunks in today\u00e2\u20ac\u2122s transitional market place. But the OSP is concrete evidence that even those with valid reasons to doubt Microsoft\u00e2\u20ac\u2122s sincerity are running out of excuses for ignoring InfoCard. Without it, the overall InfoCard effort was stymied. With it, the InfoCard effort can move forward in the way Kim has always intended. And for that both Kim and Microsoft deserve recognition and gratitude.<\/p>\n<p><strong>About Those Remaining Issues <\/strong>Several folks have commented that it\u00e2\u20ac\u2122s not just the specifications that matter, but the implementation details. And they\u00e2\u20ac\u2122re right. (While I\u00e2\u20ac\u2122ve heard similar things from a few people, most of these issues are summarized in the Higgins project\u00e2\u20ac\u2122s <a href=\"http:\/\/wiki.eclipse.org\/index.php\/Draft_Response_to_Open_Specification_Promise\"><font color=\"#5891d1\">draft response to the OSP<\/font><\/a>.)<\/p>\n<p>Microsoft has published an implementation guide for CardSpace, but the details it includes on how to implement the specifications covered by the OSP aren\u00e2\u20ac\u2122t covered by the OSP. (You can find the guide, as well as other details on implementation, <a href=\"http:\/\/msdn.microsoft.com\/winfx\/reference\/infocard\/default.aspx\"><font color=\"#5891d1\">on MSDN<\/font><\/a>.) In particular, there are schema and meta-data models that are crucial to getting what <a href=\"http:\/\/www.parityinc.net\/management.htm\" class=\"broken_link\"><font color=\"#5891d1\">Paul Trevithick<\/font><\/a> calls \u00e2\u20ac\u0153functional equivalence\u00e2\u20ac\u009d with CardSpace on other platforms. The CardSpace user interface is an equally important issue. While efforts like the <a href=\"http:\/\/www.eclipse.org\/higgins\/\"><font color=\"#5891d1\">Higgins Trust Framework<\/font><\/a> may not copy the CardSpace UI down to every pixel, interoperable implementations must emulate the basic sequence of events in the CardSpace interface (what Kim Cameron has called \u00e2\u20ac\u0153ceremony\u00e2\u20ac\u009d) if we\u00e2\u20ac\u2122re to get the common user experience to which Kim aspires. These implementation details must be covered by the same kind of promise.<\/p>\n<p>But if Microsoft can accomplish what\u00e2\u20ac\u2122s embodied in the OSP as it now stands, then it seems reasonable to assume that what remains is haggling over details, that the licensing issue is finally on a downhill path. In other words, the fat lady has sung, and we\u00e2\u20ac\u2122re just waiting for the coda. And now the onus has shifted to those who have professed a willingness to implement InfoCard technologies and interoperate with Microsoft if the licensing details could be favorably resolved. Microsoft is living up to its end of the bargain, and now it\u00e2\u20ac\u2122s your turn. Those who\u00e2\u20ac\u2122ve already started development, without waiting on the licensing issues, have some advantage. My advice to those who have been waiting? Get busy.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>According to Jamie, the fat lady has sung, and we\u00e2\u20ac\u2122re just waiting for the coda. His advice to those who have seen IP as an obstacle to InfoCards? Get busy.<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[16,6,8,15,9],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/592"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=592"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/592\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}