Contents

• Summary
• List of Covered Specifications
• From the OSP Frequently Asked Questions
• Precedents: Non-Assertion Covenants and Patent Commons
• Andy Updegrove Legal Commentary
• Principal References

In a move that should be welcome news to open-source software developers, Microsoft has announced a broad irrevocable declaration promising not to assert any Microsoft Necessary Claims against anyone making, using, selling, offering for sale, importing or distributing any implementation of a list of Web Services specifications.

The Microsoft Open Specification Promise has been published on the company's Interoperability web site. It applies individually to each of a list of some thirty-five (35) [38 or more] Covered Specifications, including specifications being developed at OASIS, W3C, WS-I, and elsewhere.

According to Microsoft's announcement, the Open Specification Promise (OSP) "provides broad use of Microsoft patented technology necessary to implement a list of covered specifications. The goal of the OSP is to provide our customers and partners with additional options for implementing interoperable solutions." The published promise said to offer a "simple and clear way to assure that the broadest audience of developers and customers working with commercial or open source software can implement [the named Web Services] specifications through a simplified method of sharing of technical assets."

The OSP embodies "a personal promise directly from Microsoft to you, and you acknowledge as a condition of benefiting from it that no Microsoft rights are received from suppliers, distributors, or otherwise in connection with this promise." As expected in this kind of non-assert agreement, the language includes defensive suspension: "If you file, maintain or voluntarily participate in a patent infringement lawsuit against a Microsoft implementation of such Covered Specification, then this personal promise does not apply with respect to any Covered Implementation of the same Covered Specification made or used by you."

The Open Specification Promise (OSP) is similar in many respects to patent non-assertion covenants and patent pledges provided by Computer Associates, IBM, Nokia, Novell, Open Source Development Labs (OSDL), Red Hat, and Sun Microsystems in various contexts. It addresses a number of long-standing concerns voiced by members of the open source software development community about the particular requirements of open-source licensing and distribution business models. For example, where many standards bodies use patent policy language asserting that patent licence terms are "non-sublicenseable," the Microsoft Open Specification Promise makes this limitation disappear, as clarified in the FAQ: "There is no need for sublicensing. This promise is directly applicable to you and everyone else who wants to use it. Accordingly, your distributees, customers and vendors can directly take advantage of this same promise, and have the exact same protection that you have."

The Microsoft OSP eliminates the need for explicit execution of a license agreement: "No one needs to sign anything or even reference anything. Anyone is free to implement the specification(s), as they wish and do not need to make any mention of or reference to Microsoft. Anyone can use or implement these specification(s) with their technology, code, solution, etc. You must agree to the terms in order to benefit from the promise; however, you do not need to sign a license agreement, or otherwise communicate your agreement to Microsoft."

The promise is not conditioned upon a requirement to implement all of a specification: "The OSP applies to anyone who is building software and or hardware to implement one or more of those specification(s). You can choose to implement all or part of the specification(s)... The OSP applies whether you have a full or partial implementation. You get the same irrevocable promise from us either way. In all cases, the OSP covers only your implementation of the parts of the specification(s) that you decide to use."

Positive review and commentary on the legal aspects of the OSP has been published by leading representatives and spokespersons from the open source community. These include Mark Webbink (Deputy General Counsel, Redhat, Inc), Lawrence Rosen (Stanford University, Lecturer in Law), and RL "Bob" Morgan (Senior Technology Architect, University of Washington). According to Rosen: "I see Microsoft's introduction of the OSP as a good step by Microsoft to further enable collaboration between software vendors and the open source community. This OSP enables the open source community to implement these standard specifications without having to pay any royalties to Microsoft or sign a license agreement. I'm pleased that this OSP is compatible with free and open source licenses."

List of Covered Specifications

The text of the Microsoft Open Specification Promise as of 2006-09-14 presented a list of some thirty-eight (38) Web Services specifications covered by the OSP: "...This promise applies to all existing versions of the following specifications. Many of these specifications are currently undergoing further standardization in certain standards organizations. To the extent that Microsoft is participating in those efforts, this promise will apply to the specifications that result from those activities, as well as the existing versions..." Note: The list of "Covered Specifications" as of 2006-09-12 included 35 named specifications; three WS-Security Token Profile specifications were added on 2006-09-14.

• Remote Shell Web Services Protocol
• SOAP 1.1 Binding for MTOM 1.0
• SOAP MTOM / XOP
• SOAP-over-UDP
• SOAP
• Web Single Sign-On Interoperability Profile
• Web Single Sign-On Metadata Exchange Protocol
• WS-Addressing
• WS-AtomicTransaction
• WS-BusinessActivity
• WS-Coordination
• WS-Discovery
• WS-Enumeration
• WS-Eventing
• WS-Federation Active Requestor Profile
• WS-Federation Passive Requestor Profile
• WS-Federation
• WS-I Basic Profile
• WS-Management Catalog
• WS-Management
• WS-MetadataExchange
• WS-Policy
• WS-PolicyAttachment
• WS-ReliableMessaging
• WS-RM Policy
• WS-SecureConversation
• WS-Security: Kerberos Binding
• WS-Security: Kerberos Token Profile
• WS-Security: Rights Expression Language (REL) Token Profile
• WS-Security: SAML Token profile
• WS-Security: SOAP Message Security
• WS-Security: UsernameToken Profile
• WS-Security: X.509 Certificate Token Profile
• WS-SecurityPolicy
• WS-Transfer
• WS-Trust
• WSDL
• WSDL 1.1 Binding Extension for SOAP 1.2

From the OSP Frequently Asked Questions

Excerpted from the FAQ document:

• Q: Why did Microsoft take this approach? A: It was a simple, clear way, after looking at many different licensing approaches, to reassure a broad audience of developers and customers that the specification(s) could be used for free, easily, now and forever.

• Q: How does the Open Specification Promise work? Do I have to do anything in order to get the benefit of this OSP? A: No one needs to sign anything or even reference anything. Anyone is free to implement the specification(s), as they wish and do not need to make any mention of or reference to Microsoft. Anyone can use or implement these specification(s) with their technology, code, solution, etc. You must agree to the terms in order to benefit from the promise; however, you do not need to sign a license agreement, or otherwise communicate your agreement to Microsoft.

• Q: What is covered and what is not covered by the Open Specification Promise? A: The OSP covers each individual specification designated on the public list posted at http://www.microsoft.com/interop/osp/. The OSP applies to anyone who is building software and or hardware to implement one or more of those specification(s). You can choose to implement all or part of the specification(s). The OSP does not apply to any work that you do beyond the scope of the covered specification(s).

Precedents: Non-Assertion Covenants and Patent Commons

From among a longer (and growing) list of instruments used to neutralize the detrimental effects of patents on open standards, here are some key examples. Readers will appreciate the fact that typical non-assertion declarations (covenants, promises) are short and readable, typically a couple paragraphs.

• Sun Microsystems UBL Non-Assertion Covenant. Posted by Jon Bosak. July 21, 2006. "At a conference hosted by the Cox School of Business at Southern Methodist University yesterday (20 July 2006), Greg Papadopoulos, Sun Microsystems Chief Technology Officer and Executive VP of R&D, announced the issuance of a Non-Assertion Covenant (NAC) for UBL. Sun's unilateral, voluntary waiver of its right to enforce possibly relevant patent claims alleviates the burden upon UBL implementers to negotiate license terms, eliminates paperwork, and creates a favorable environment for the develoment of open-source UBL software. The UBL NAC joins similar declarations regarding SAML and ODF... ; the full text of the Sun UBL NAC can be found [online]..."

• Sun Microsystems Publishes Non-Assertion Covenant for SAML Implementations. - News story 2006-06-15. Sun Microsystems issued a 'SAML Non-Assertion Covenant' in connection with OASIS Security Assertion Markup Language (SAML) specifications being created by the OASIS Security Services (SAML) TC. Sun's unilateral, voluntary waiver of its right to enforce possibly relevant patent claims alleviates the burden upon implementers to negotiate license terms, eliminates paperwork, and creates a favorable environment for the develoment of open source software. The OASIS Security Services (SAML) TC IPR Page provides similar text for SAML-related non-assertion covenants from RSA Security and America Online, Inc.

• "Sun Patent Non-Assertion Covenant for OpenDocument Offers Model for Standards." News story 2005-10-04. "On September 30, 2005 Sun Microsystems published a declaration of non-enforcement of its U.S. and foreign patents against any implementation of the Open Document Format for Office Applications (OpenDocument) v1.0 Specification or of any subsequent version of ODF. This non-assertion covenant is being praised as a creative mechanism for patent management in the OASIS open standards development context — a "model for patent protection that doesn't involve the glorification of software patents." Sun's public non-assertion declaration may be summarized unofficially as an irrevocable covenant not to enforce any of its enforceable U.S. or foreign patents against any implementation of the OASIS OpenDocument specification; however, this commitment is not necessarily applicable to any individual, corporation, or other entity that asserts, threatens, or seeks to enforce any patents or patent rights against any OpenDocument Implementation.

• "Open Source Development Labs (OSDL) Announces Patent Commons Project." News story 2005-08-10. On the second day of the LinuxWorld Conference & Expo in San Francisco, Open Source Development Labs CEO Stuart Cohen announced a new OSDL Patent Commons Project "designed to provide a central location where software patents and patent pledges will be housed for the benefit of the open source development community and industry. Plans for the OSDL Patent Commons Project call for the creation of a "library and database that aggregates patent pledges made by companies. The library will also aggregate other legal solutions, such as indemnification programs offered by vendors of open source software. It will include a collection of software patent licenses and software patents (issued and pending) held for the benefit of the open source community.

• "IBM Proposes a Patent Commons for Royalty-Free Open Source Software Development." News story 2005-01-13. IBM announced a new innovation initiative to support an industry-wide "patent commons" through which patents offered without payment of fees or royalties are used "to establish a platform for further innovations in areas of broad interest to information technology developers and users." The pledge extends to Open Source Software (OSS). IBM has seeded the initiative by publishing a "Statement of Non-Assertion of Named Patents Against OSS" that identifies 500 listed U.S. patents and/or the counterparts of these patents issued in other countries. The pledge to offer these patents free of fees or royalties "is applicable to any individual, community, or company working on or using software that meets the Open Source Initiative (OSI) definition of open source software now or in the future."

Andy Updegrove Legal Commentary

Several articles and pieces of commentary have been published, reporting or speculating on the background to Microsoft's decision leading to the OSP. Here are excerpts from the Blog entry of Andy Updegrove (Consortiuminfo.org):

Microsoft has just posted the text of a new patent "promise not to assert " at its Website, and pledges that it will honor that promise with respect to 35 listed Web Services standards. The promise is similar in most substantive respects to the covenant not to assert patents that it issued last year with respect to its Office 2003 XML Reference Schema, with two important improvements intended to make it more clearly compatible with open source licensing. Those changes are to clarify that the promise not to assert any relevant patents extends to everyone in the distribution chain of a product, from the original vendor through to the end user, and to clarify that the promise covers a partial as well as a full implementation of a standard.

I learned about the new covenant from Microsoft yesterday, which provided me an advance copy of the covenant and the FAQ that accompanies it and an opportunity to ask questions about what it is intended to accomplish. I did have a few requests for clarifications that I'll incorporate below which may resolve some of the questions that might occur to you as well...

By way of general introduction to those not familiar with this type of mechanism, a non-assertion covenant (also sometimes called a "covenant not to sue", or in this case, a "promise not to assert") is at minimum a pledge given by a patent owner that someone that implements a standard will not be sued for doing so by the patent owner, subject to certain limitations. In effect, it is similar to the more traditional promise given by companies when they engage in the development of a standard, but with several important differences:

1. Instead of reserving the right to require each implementer to agree to the terms of a license agreement of the patent owner's choosing, the promise is "self-executing," meaning that the implementer doesn't have to do anything at all, except stay within the conditions of the covenant. Where, as with the new Microsoft promise, it is explicit that no one down stream need obtain a license as well, a key requirement of many of the most popular open source licenses is met as well.

2. Unlike the usual promise to license on RAND ("reasonable and non-discriminatory") terms, where the terms themselves are almost never made public in advance, and often never at all, all of the terms in a non-assertion covenant are out in the open, and apply equally to all. When such a promise is made before the standard is approved, that's even better, because there has been an increase in the number of disputes lately relating to whether the terms actually offered by a patent owner that has made a simple RAND promise have in fact been reasonable (for more see this blog entry , as well as this one).

Such covenants and promises, when they go far enough, are essential to the implementation of open source software under the most popular open source licenses, and as you'll see from the Microsoft Web page, it has gone to the trouble of consulting with a number of members of the open source community in advance regarding the specific wording of the new promise, and has secured approving quotes from two of them...

I think that this move should be greeted with approval, and that Microsoft deserves to be congratulated for this action. I hope that the standards affected will only be the first of many that Microsoft, and hopefully other patent owners as well, benefit with similar pledges...

Principal References

• Main OSP publication:
  • Microsoft Open Specification Promise. Published: September 12, 2006. Updated September 14, 2006 or later.
  • Covered Web Services Specifications
  • Microsoft Covenant Regarding Office 2003 XML Reference Schemas
• Related:
  • Microsoft: Web Services and Other Distributed Technologies
  • Web Services and the Microsoft Platform
  • Microsoft and Interoperability
• Commentary:

  • [September 13, 2006] "Microsoft Calls IBM's Bluff on Patent Pledges." By James Governor. MonkChips Industry Blog (September 13, 2006). "What can I say about Microsoft's decison to offer a patent covenant around web services and identity protocols? [...] What about Mike Milinkovich from Eclipse, otherwise known as .NET's worst nightmare? [Mike says:] "It was particularly interesting to read the community feedback and realize that Microsoft has been consciously and conscientiously working with the open source community to develop this document. That's an important step forward for them, as it demonstrates they believe the open source community is now integral to the broad adoption of technologies they care about." Of course RedMonk long ago recognised the huge changes at Microsoft with respect to open intellectual property models, but its more interesting coming from Mike. My question is: what does IBM do to up the ante? If there is one war I will sign up to enthusiastically its the war for open standards, unencumbered by potential chilling effects. So come on IBM lets see you really nail it. The 500 OSS patent pledge was just a tester. Lets see more irrevocable stuff. You could argue IBM covenants are not a bluff, but I have yet to see anything as clear and domain-specific as Microsoft's new policy..."

  • [September 13, 2006] Microsoft Promise." Bob Sutor. Blog. September 13, 2006. "David Berlind has been wondering what we think about this, so here goes: nice start, but there is such a long, long way for them to go after being such active opponents to open collaboration and innovation. The first step was perhaps hard, but they now need to start running fast to catch up to where the industry has been around open operating environments, open middleware, open development environments, and so forth."

  • [September 12, 2006] "Microsoft Licensing News." By Mike Jones. OSIS list posting, September 12, 2006. "As of today, the InfoCard/CardSpace specs are not on the list [of Covered Specifications]. The good news is that (a) all the web services specs underlying CardSpace are covered (which is great news!) and (b) it means we've done the work internally to enable us to license specifications in this way. Licensing additional specifications under these same terms should be much easier to do at this point, but I obviously can't make public commitments yet beyond those we already have buy-off on. Watch this space for further developments..."

  • [September 12, 2006] "Microsoft Releases New "Open Specifications Promise" on 35 Web Services Specifications." By Andy Updegrove. from Consortiuminfo.org blog (September 12 2006, 02:01 PM EDT).

  • [September 12, 2006] "Microsoft Open Specification Promise." From Johannes Ernst's Blog. September 12, 2006. "As many readers of this blog probably know, the OSIS project, that we co-initiated at NetMesh with Verisign and Microsoft, was one of the major drivers for this promise, as this promise is necessary for non-Windows InfoCard / CardSpace implementations. OSIS now has many member companies such as IBM, Red Hat, Novell, Sun, Sxip, Cordance, Ping and Social Physics, and just was chartered as a working group under the new Identity Commons..."

  • [September 12, 2006] "Microsoft's Open Specification Promise." By Kim Cameron (Microsoft). Posted on Tuesday 12 September 2006. "Today marks a major milestone for Mike Jones and myself. Microsoft announced a new initiative that I hope goes a long way towards making life easier for all of us working together on identity cross-industry... Note that you don't have to 'do anything' to benefit from the promise. You don't need to sign a license or communicate anything to anyone. Just implement. Further, you don't need to mention or credit Microsoft. And you don't need to worry about encumbering people who use or redistribute or elaborate on your code - they are covered by the same promise. The promise is the result of a lot of dialog between our lawyers and many others in the industry. Sometimes we developers wished progress could have been faster, but these are really complicated issues..."

  • "Microsoft Open Specification Promise." By Rohan Pinto. From Rohan Pinto's Blog. September 12, 2006. "...credit goes to Kim Cameron & Mike Jones for making this a reality... [Johannes Ernst] I think extra credit also goes to Dale Olds and the folks at Novell, Pete Rowley and the folks at Red Hat, Michael Graves, Brian Matthews and the folks at Verisign and all members of the OSIS project, who were prime drivers to make this happen. Otherwise it wouldn't be possible, for example, to build an open-source implementation of CardSpace without threat of being sued..."

  • "Interesting News." By Gerald Beuchelt (Sun Microsystems). Web Services Contraptions Blog. September 12, 2006. "Microsoft today announced their "Open Specifications Promise", essentially a non-assertion covenant for a huge chunk of WS-* protocols. This is quite good news for a number of reasons: (1) All existing implementations of WS-* technology are safe from any legal harassment from Microsoft. Not that they would do this necessarily, but this covenant gives peace of mind; (2) Since pretty much all security specs are out, OSIS and Higgins are now in a much better position to implement a WCS compatible InfoCard selector; (3) The best thing about this is the fundamental mindshift at Microsoft..." See also OSIS post.

  • "Microsoft's new promise: a welcome development." By Eve Maler (Sun Microsystems). Pushing String Blog. September 12, 2006. "Today there's been good news on the IPR front: Microsoft has published what it calls an Open Specification Promise that has the effect of offering a non-assertion covenant on a host of specifications that Microsoft has authored and co-authored. For a legal statement, it's remarkably clear and easy to read... I like that they went and called it a 'promise', much as I did when announcing Sun's similar promise on the SAML2 standard and the Web SSO Interop specs in this post in June. For some reason, I've noticed that non-lawyers get spooked by anything called a 'covenant not to sue', I suppose because it contains the 's-word'. So this clear language and the deep assurances to developers that Microsoft has offered today are very welcome indeed, and a huge contribution to what is shaping up to be a trend..."

  • "Microsoft Open Specification Promise." By Jorgen Thelin. From TheArchitect.co.uk - Jorgen Thelin's weblog. "Despite the fact that Microsoft has consistently stated its commitment to make the WS-* specs available on a royalty-free basis, some in the industry have remained concerned by a lingering amount of FUD around the intentions and motives for the Web services specifications. So, in a further effort to reassure the legions of WS-* supporters everywhere, and after much consultation with the industry and representatives of the open source community, Microsoft today announced a personal Open Specification Promise (OSP) to implementers of any of the 35 different Web Services specifications — from SOAP and WSDL through to all the Advanced Web Services specs like WS-ReliableMessaging and WS-SecureConversation..."

  • "Microsoft Promises Not to Sue over Web Services Specs." By Peter Galli. From eWEEK (September 12, 2006).

  • "Open Specification Promise." By Jason Matusow. Matusow's Blog. September 12, 2006. "Today we announced the availability of Microsoft's Open Specification Promise. This is a simple set of text (less than one page) that is an irrevocable promise to anyone in the world that MS will not sue them for the use of MS patents in an implementing (partially or fully) a covered specification. Full stop. Other companies have gone down this path and have called them Covenants Not To Sue (or CNS) or other such names. Ours is a promise, and it is irrevocable so we named it as such. I have been involved with the team working on this for many months, and it is a great next addition to the spectrum approach we have for intellectual property... We have three basic categories of activity around the availability of our IP: Commercial Licensing, Community Licensing, and Open Specifications. 'Open Specifications' is the latest extension to our spectrum approach — [to] enable no-cost access to protocols and document format specifications that enable anyone to build implementations under whatever development model they see fit to use: (a) Open XML specifications for Office; (b) 35 Web Services specifications..."

  • "Microsoft Makes the Promise." By Drummond Reed. Equals Drummond Blog. "Today Microsoft made good on the promise that Kim Cameron and Mike Jones made to the Identity Gang members many months ago: that the IPR necessary for CardSpace (formerly InfoCard) would be made available so that anyone, on any platform, using any license (yes, even GPL), could use it. But it goes further than CardSpace — it's the for the WS-* stack... well, most of it,there are still a few more details on coverage to work. They call it the Open Specification Promise, and it's worth reading in depth..."

  • Microsoft Won't Assert Web Services Patents." Posted by kdawson on Tuesday September 12, @06:33PM, from the Slashdot so-don't-sue-me dept.

• General:
  • Patent Pledges and the Patent Commons. Examples of non-assert pledges and contributions to a 'Patent Commons' (Computer Associates, IBM, Nokia, Novell, Open Source Development Labs (OSDL), Red Hat, Sun Microsystems.
  • On the problematic "non-sublicensable" patent license: see OASIS Intellectual Property Rights (IPR) Policy [Effective date: 15 April 2005]. "10.1 RAND Mode TC Requirements": "...each Obligated Party in such TC hereby covenants that, upon request and subject to Section 11, it will grant to any OASIS Party or third party: a nonexclusive, worldwide, non-sublicensable, perpetual patent license..."
  • "Apache Software Foundation Rejects Microsoft Patent License Agreement for Sender ID." News story 2004-09-03.
  • "Patents and Open Standards"