mnot’s blog

Design depends largely on constraints.” — Charles Eames

Wednesday, 13 September 2006

Web Services

Some Questions for Software Vendors

Everyone seems to be gushing about Microsoft’s Open Specification Promise. While any headway is good in the horrible landscape that is Intellectual Property, my initial reaction is that it — like most such vendor promises — is too little, too late.

“Too late” because the WS-* stack has been in the standardisation process for more than seven years now, and for all of that time, the threat of patent claims has hung over it like the sword of Damocles. It’s hard to avoid the conclusion that MSFT is only making their IP stance clear when they’re about to ship product, to get maximum FUD beforehand.

“Too little” because the license seems too tightly scoped to give much real benefit. However, IANAL, so maybe Microsoft can help me by answering a few questions. While we’re at it, most of these questions apply to other software vendors too; picking on Microsoft is easy, but not the whole story.

The crux of the license is this:

“Microsoft Necessary Claims” are those claims of Microsoft-owned or Microsoft-controlled patents that are necessary to implement only the required portions of the Covered Specification that are described in detail and not merely referenced in such Specification.

Let’s go through that point-by-point.


A Microsoft Necessary Claim is scoped to claims of Microsoft-owned or Microsoft-controlled patents.Control ” seems murky; for example, what exactly is Microsoft’s relationship with Intellectual Ventures, and are any IV-controlled patents also MSFT-controlled?


Then, it further reduces the promise to …patents that are necessary to implement… The text above it, however, includes a promise not to assert for “ using ” implementations. Which is it?

E.g., if I use WS-* to implement a monitoring system, or a shopping cart, or whatever, and MSFT has patents on those uses, will I be protected by the Promise? If not, what does “using” mean in the text? Is it there just to make us feel better?

Required Portions

It goes on: …required portion of the Covered Specification…. Who defines required?

For example, while it seems like the promise covers SOAP, it’s only the required portions. Even from the W3C’s standpoint, RPC isn’t required by SOAP; neither is SOAP Encoding, or headers, or the MEPs, or the HTTP binding. In fact, due to the “infinite extensibility” architecture of WS-*, there’s precious little that is required, by design.

Referenced Specifications

It finishes up with …__that are described in detail and not merely referenced in such Specification.

So, while you get a pass for the specs listed, what about referenced specs like XML, HTTP, URIs, Cookies, and for that matter TCP and UDP? If MSFT has patents in those areas, will the Promise cover their use — even when used in conjunction with WS-*?

This is interesting in the case of the WS-I Basic Profile, which is nothing but a set of references to other specifications, along with a few not-too-detailed specifications. I suspect the Promise is a no-op for that spec.

The Big Picture

Because the current IPR environment is so horrible, any commitments are an incentive to use a technology — and a disincentive to use those where the patent FUD is still in place. Nothing comes for free; by licensing a specific technology, vendors are trying to make it more attractive in the hope that revenue will follow. If they can steer you to a solution that has a high barrier to entry, so much the better for them.

A prime example is HTTP, URIs and the other infrastructure of the Web; vendors aren’t racing to clarify their stances on the foundations of the Web, and I can’t help but think it’s because they have a hard time making money on something with such a low barrier to entry. On the other hand, if you have applicable patents, you’re sitting on a gold mine.

The emergence of “use” patents is also worrisome; vendors can commit to licensing the IP necessary to implement — thereby getting the network effects of standards and open source implementation — while reserving the right to put IP pressure on anyone who steps outside of those fuzzy bounds. More cynical vendors could turn this into a business model, funnelling customers to their solutions under threat of prosecution.

If I’m misreading vendors’ intentions, these shortcomings should be easy enough to fix, thereby giving users a lot more confidence about the IP situation around Web services and the Web itself. How about it, Microsoft? Other vendors?