Security/identity / XML · 2006-09-12

Microsoft’s new promise: a welcome development

Today there’s been good news on the IPR front: Microsoft has published what it calls an Open Specification Promise that has the effect of offering a non-assertion covenant on a host of specifications that Microsoft has authored and co-authored. For a legal statement, it’s remarkably clear and easy to read.* Here’s the main bit:

Microsoft irrevocably promises not to assert any Microsoft Necessary Claims against you for making, using, selling, offering for sale, importing or distributing any implementation to the extent it conforms to a Covered Specification (“Covered Implementation”), subject to the following. This is a personal promise directly from Microsoft to you, and you acknowledge as a condition of benefiting from it that no Microsoft rights are received from suppliers, distributors, or otherwise in connection with this promise. If you file, maintain or voluntarily participate in a patent infringement lawsuit against a Microsoft implementation of such Covered Specification, then this personal promise does not apply with respect to any Covered Implementation of the same Covered Specification made or used by you. To clarify, “Microsoft Necessary Claims” are those claims of Microsoft-owned or Microsoft-controlled patents that are necessary to implement only the required portions of the Covered Specification that are described in detail and not merely referenced in such Specification. “Covered Specifications” are listed below.

This promise is not an assurance either (i) that any of Microsoft’s issued patent claims covers a Covered Implementation or are enforceable or (ii) that a Covered Implementation would not infringe patents or other intellectual property rights of any third party. No other rights except those expressly stated in this promise shall be deemed granted, waived or received by implication, exhaustion, estoppel, or otherwise.

The blog has an excellent analysis of both the official statement text and the FAQ that follows.

I like that they went and called it a “promise”, much as I did when announcing Sun’s similar promise on the SAML2 standard and the Web SSO Interop specs in this post in June. For some reason, I’ve noticed that non-lawyers get spooked by anything called a “covenant not to sue”, I suppose because it contains the “s-word”. So this clear language and the deep assurances to developers that Microsoft has offered today are very welcome indeed, and a huge contribution to what is shaping up to be a trend.

I see some OSIS-related triumphalism about this, and it certainly seems that OSIS discussions of late have been an important driver of this new development, as Johannes rightly notes. It does look as though there are a few remaining questions that need to be answered (my colleague Gerry Beuchelt poses some here) before we know whether non-Microsoft developers of CardSpace-compatible implementations should feel similarly at ease.

I’m sure we’ll learn more as we go. In the meantime, congrats to Kim Cameron et al. for their work on this. Having negotiated these things with Sun lawyers several times in the past, I’ve come to respect the world of IPR declarations as a technology in and of itself, one that’s difficult to master.

*Okay, after all these years, I finally looked up estoppel — turns out it means non-repudiation. Cool.

UPDATE: Since Simon Phipps’s commentary on the subject mentions this post, people coming to Pushing String for the first time may want to check out my further commentary above.