Wed 13 Sep 2006
A promise that cannot be broken
Posted by Pete Rowley under identity , security , InfoCards , user-centric identity , open source , identity 2.0 , OSIS , CardSpaceSometimes a promise is better than just any old promise, sometimes it is worded in such a way as to legally bind the promiser from reneging on that promise in any meaningful way. There is a legal term used for this kind of binding promise: estoppel. Sometimes such a promise might be made by mistake, and estoppel is used to make the promising party honor the promise in court. That is, it is used to defeat a lawsuit made by the promiser against you. Sometimes the promise is made by the promiser with the intention of binding themselves to the promise with full knowledge the promise essentially relinquishes any legal claim.
Why is that useful? Well, in many spheres standards are used to ensure interoperability between vendors, so that for example a nut and bolt vendor can produce nuts and bolts compatible with other nut and bolt vendors, and software vendors can produce software that interoperates with the software of other vendors. This is why when you buy a nut or a bolt you are concerned only with the size of the part and not which vendor made the part with which it is to connect. However, standards that have technology that is covered by current patents or even patent applications present a problem for the vendors that do not own the patents. At any time the patent owner may reveal the patent ownership, charge fees, or even deny a vendor the ability to create or sell technology based on the compromised standard. It doesn’t stop there, patents allow the holders to sue end users, i.e. the customers of those vendors. The term open standard is often used to describe these standards that are intended for interoperability, but of course the current system of software patents prevalent in the US can often render the “open” part redundant. However, a patent holder might decide that their interests are better served by wide implementation of a standard, and in these cases a binding promise makes good sense.
As much as patents might be painful for corporations, they have an especially chilling effect on open source. You see corporations can assess a risk of being sued and decide that the level of risk is acceptable. It has become a cost of doing business. However, in the open source world each code contributor to a project is potentially liable, each end user is liable, and each distributor is liable. A distributor of open source software has a special, moral, responsibility to protect those to whom they distribute and those who are subsequent recipients. It is not possible to assess risk in the same way as a proprietary software company because all of those subsequently effected by the decision cannot possibly have an input. If it is known that there are even potential patent issues with a software technology, it behoves the potential distributor to pass. In fact, the GPL requires it. That is why you will not find an mp3 player as part of any Red Hat distribution - the mpeg 3 “open standard” specifies patented technology, so despite what you may have believed, it isn’t “free”, not as in beer, nor any other way.
But make a promise, a legally binding promise, that you will not assert your patent claims against anyone who implements those claims in their software and you have something that open source can work with. That is what Microsoft just did with regards to the WS-* set of web services standards. This step enables open source implementations of the underlying protocols of CardSpace a.k.a. infocards. Given the interest that OSIS has in this space, that is pretty significant. Without such a promise, infocards would be a single vendor proprietary technology, and that would be in violation of law 5.
Let’s review the opening:
Microsoft irrevocably promises not to assert any Microsoft Necessary Claims against you for making, using, selling, offering for sale, importing or distributing any implementation to the extent it conforms to a Covered Specification…
I think we have a winner, and in no small part due to the efforts of Kim Cameron and Mike Jones of Microsoft. Thanks guys!
One Response to “A promise that cannot be broken”
Leave a Reply
You must be logged in to post a comment.
October 12th, 2006 at 3:21 pm
[…] There has been a lot of focus on user-centric identity in recent months, but let us not forget about the identity metasystem. The identity metasystem concept is important because it recognizes that even if it is desirable for there to be one protocol that everyone speaks, to get there from here requires a pragmatic acceptance that there will be more than one protocol in the meantime. While choice is a marvelous thing in many situations, it isn’t something that the vendor relishes at the protocol level. When the customer comes calling must you turn them away because they speak OpenID and your software speaks SAML? Recalling my blog regarding the Microsoft Open Specification Promise, multiple standards mean your bolts don’t fit your nuts unless you buy them both from the same vendor. The identity metasystem must provide the necessary adapters so that different systems produced by different vendors on different platforms can at least understand each other, even if they don’t speak the same language. […]