Musings on Digital Identity

Re: Microsoft’s Open Specification Promise

Ben Laurie wrote:

The Software Freedom Law Centre has published an analysis of the OSP. I don’t really care whether the OSP is compatible with the GPL, but their other points are a concern for everyone relying on the OSP, whether they write free software or not.

The “analysis” tries to insinuate that since Microsoft doesn’t promise that future revisions of specifications covered by the Open Specification Promise will be automatically covered unless Microsoft is involved in developing them, that it’s not safe to rely on the OSP for current versions either. This is of course false, as the OSP is an irrevocable promise that Microsoft will never sue anyone for using any of the covered specifications (unless they sue Microsoft for using the same specification, which is a normal exception in all such non-assertion covenants).

On this point, Gray Knowlton wrote:

It is unusual for promises like the OSP to automatically include every spec or all future versions (IBM’s pledge is exactly like ours). The norm is for new versions to be added to them to be covered. In the case of Sun’s statement new versions are automatically added only when they participate in the development of the new version to the extent that the OASIS IPR rules would then obligate them to provide patent rights under the OASIS IPR Policy. None of these promises include future versions of the specifications without any qualification.

While I normally wouldn’t wade into legal debates, I writing because I’m proud of what Microsoft has enabled for the industry through the OSP, and the “analysis” leaves some very false impressions. Gray does a great job of responding in detail so I won’t do so here. Please read his response before drawing any conclusions. In particular, I believe the OSP and similar promises from other industry leaders have laid a stable foundation for the broad acceptance and adoption of the protocols underlying Information Cards, Web Services, and other important interoperable industry-wide protocols.

I see no cause for concern.


Welcoming Credentica’s People and Privacy Technology to Microsoft


Zend PHP Information Card Software


  1. interoperate


Leave a Reply

Powered by WordPress & Theme by Anders Norén