The Apache Software Foundation has recently run into a problem when trying to implement the web services WS-Security "open standard". In Apache's effort to add support for the WS-Security specification to their existing standards based web services SOAP implementation called Axis, they found that they are required to license the WS-Security specification from Microsoft and IBM. According to an Infoworld.com article, the issue arose when VeriSign wanted to provide an implementation of WS-Security to Apache. In order for Apache to even use VeriSign's web services implementation, Apache must must sign license agreements with IBM and Microsoft. This is similar to a problem Apache faces Microsoft's email related Sender ID Patent License.
Apparently these problems occur because these "standards" require that implementers license patents from Microsoft and IBM in order to implement the standard. In this case, Microsoft's patents are "nontransferable" and "non-sublicenseable" to users which is directly incompatible with nearly all "open source" licenses. However, as I see it, the problem is not limited to open source projects.
Even a third party software component vendor who wanted to provide a componentized implementation of these "open standards", even if the components are not open source products, would be required to have all of their customers also license applicable patents from Microsoft and IBM (in this case) in order to use the components.
This makes one realize that the preconceived notion of openness and freedom that is often attached to the term "open standard" and "web services" in particular is simply unfounded.
posted @ Friday, July 15, 2005 12:17 AM