Frequently Asked Questions

The Open Specification Promise (OSP) is a simple and clear way to assure that the broadest audience of developers and customers working with commercial or open source software can implement specifications through a simplified method of sharing of technical assets, while recognizing the legitimacy of intellectual property.

We listened to feedback from community representatives who made positive comments regarding the acceptability of this approach.

OSP General

Why did Microsoft take this approach?

It was a simple, clear way, after looking at many different licensing approaches, to reassure a broad audience of developers and customers that the specifications could be used for free, easily, now and forever.

How does the OSP work? Do I have to do anything in order to get the benefit of this OSP?

No one needs to sign anything or even reference anything. Anyone is free to implement the specifications, as they wish and do not need to make any mention of or reference to Microsoft. Anyone can use or implement these specifications with their technology, code, solution, etc. You must agree to the terms in order to benefit from the promise; however, you do not need to sign a license agreement, or otherwise communicate your agreement to Microsoft.

What is covered and what is not covered by the OSP?

The OSP covers each individual specification designated on the public list posted at Open Specifications. The OSP applies to anyone who is building software and or hardware to implement one or more of those specifications. You can choose to implement all or part of the specifications. The OSP does not apply to any work that you do beyond the scope of the covered specifications.

If a listed specification has been approved by a standards organization, what patent rights is Microsoft providing?

We are providing access to necessary claims consistent with the scope of our commitments in that organization.

What if I don't implement the entire specification? Will I still get the protections under the OSP?

The OSP applies whether you have a full or partial implementation. You get the same irrevocable promise from us either way. In all cases, the OSP covers only your implementation of the parts of the specifications that you decide to use.

The specification I am interested in has some required portions and some optional portions, does the OSP apply to both?

Yes, the OSP covers Necessary Claims for both required and optional portions of the Covered Specifications. Under the paragraph entitled "Covered Specifications" is the language that makes it clear that the OSP applied to portions of the Covered Specifications that are optional ("This Promise also applies to the required elements of optional portions of such specifications").

Does this OSP apply to all versions of the standard, including future revisions?

The OSP applies to all existing versions of the specifications designated on the public list posted on the section Open Specification Promise page, unless otherwise noted with respect to a particular specification (see, for example, specific notes related to web services specifications).

Why doesn't the OSP apply to things that are merely referenced in the specification?

It is a common practice that technology licenses focus on the specifics of what is detailed in the specifications and exclude what are frequently called "enabling technologies." If we included patent claims to the enabling technology, then as an extreme example, it could be argued that one needs computer and operating system patents to implement almost any information technology specification. No such broad patent licenses to referenced technologies are ever given for specific industry standards.

Is this OSP sub-licensable?

There is no need for sublicensing. This promise is directly applicable to you and everyone else who wants to use it. Accordingly, your distributees, customers and vendors can directly take advantage of this same promise, and have the exact same protection that you have.

Is this OSP legally binding on Microsoft and will it be available in the future to me and to others?

Yes, the OSP is legally binding upon Microsoft. The OSP is a unilateral promise from Microsoft and unilateral promises may be enforced against the party making such a promise. Because the OSP states that the promise is irrevocable, it may not be withdrawn by Microsoft. The OSP is, and will be, available to everyone now and in the future for the specifications to which it applies. As stated in the OSP, the only time Microsoft can withdraw its promise against a specific person or company for a specific Covered Specification is if that person or company brings (or voluntarily participates in) a patent infringement lawsuit against Microsoft regarding a Microsoft implementation of the same Covered Specification. This type of "suspension" clause is common industry practice.

Is the OSP intended to apply to open source developers and users of open source developed software?

Yes. The OSP applies directly to all persons or entities that make, use, sell, offer for sale, imports and/or distributes an implementation of a Covered Specification. It is intended to enable open source implementations, and in fact several parties in the open source community have specifically stated that the OSP meets their needs. Moreover there are already a significant number of implementations of Covered Specifications that have been created and/or distributed under a variety of open source licenses as well as under proprietary software development models. Because open source software licenses can vary you may want to consult with your legal counsel to understand your particular legal environment.

Why does Microsoft obtain patents that apply to specifications to which the OSP apply? Is that something that others do too?

Microsoft invests a significant amount of resources in research and development efforts. Like any other company that commits such resources to creating new technologies, Microsoft seeks to protect its investment by obtaining patents on the resulting innovations. At a minimum, patents have value in defending Microsoft with regard to patent infringement claims made by others. Many patent owners use their patents defensively to protect themselves against third-party law suits when they make their patents available under reasonable and non-discriminatory (RAND or RAND-Z) terms and conditions including promises like the OSP.

What is the difference between copyrights and patent rights and why doesn't the OSP include copyrights?

Patents protect the creation or improvement of a novel and useful method, device, process, or material. By contrast, copyrights protect a particular expression or implementation of an invention but not the underlying invention itself. For example, copyright protects the intellectual property rights associated with owning or distributing a copy of the specification as a document. In the particular case of the OSP, copyrights in the Covered Specifications are made available by the publisher of the particular specification. When specifications are published by standards setting organizations, those organizations provide the copyright license. When Microsoft is the publisher of the Covered Specification, a copyright license is provided either as a part of text of the Covered Specification itself, or in a separate document. Copyrights in the Covered Specifications are not provided through the OSP because, in the instances where the standards organization owns the copyright in the Covered Specifications, Microsoft does not have the ability to provide such rights.

Is this Promise consistent with open source licensing, namely the GPL? And can anyone implement the specifications without any concerns about Microsoft patents?

The OSP is a simple and clear way to assure that the broadest audience of developers and customers working with commercial or open source software can implement the covered specifications. We leave it to those implementing these technologies to understand the legal environments in which they operate. This includes people operating in a General Public License (GPL) environment. Because the GPL is not universally interpreted the same way by everyone, we can't give anyone a legal opinion about how our language relates to the GPL or other OSS licenses but based on feedback from the open source community we believe that a broad audience of developers can implement the specifications.

I am a developer/distributor/user of software that is licensed under the GPL, does the OSP apply to me?

Absolutely, yes. The OSP applies to developers, distributors, and users of Covered Implementations without regard to the development model that created such implementations, or the type of copyright licenses under which they are distributed, or the business model of distributors/implementers. The OSP provides the assurance that Microsoft will not assert its Necessary Claims against anyone who make, use, sell, offer for sale, import, or distribute any Covered Implementation under any type of development or distribution model, including the GPL. As stated in the OSP, the only time Microsoft can withdraw its promise against a specific person or company for a specific Covered Specification is if that person or company brings (or voluntarily participates in) a patent infringement lawsuit against Microsoft regarding a Microsoft implementation of the same Covered Specification. This type of "suspension" clause is common industry practice.

Security

Why are you putting Sender ID under the Open Specification Promise (OSP)?

We think we can promote further industry interoperability among all commercial software solutions that utilize email authentication, including open source solutions by making Sender ID more clearly available to the entire internet ecosystem including customers, partners, ISPs, registrars, and the developer community. This approach complements the Microsoft broader commitment to combat the spread of spam, phishing, malware and other exploits in email, as well as interoperability, which we achieve in part through enabling access to our technology.

Are you making Sender ID available under the OSP because you received so much criticism for your original licensing approach to the spec?

We recognize that there are lingering questions from some members of the development community about Microsoft licensing terms and how those terms may affect developers' ability to implement Sender ID. It is important to note that great progress has already been made on email authentication worldwide with more than 5 million domain holders adopting Sender ID as a best practice. Sender ID helps protect brands, reduce spam, and counter email exploits. The OSP is a simple, clear way to reassure a broad audience of developers and customers that any Microsoft patents ever needed to implement all or part of the specification could be used for free, easily, now and forever.

What's the significance of the OSP for Sender ID?

By extending the OSP to the Sender ID format, Microsoft will help the industry combat email spoofing and phishing by fostering greater interoperability among all commercial software solutions for email authentication, including open source-based solutions. Implementers of the Sender ID Framework will not need to be concerned about signing a license in order to implement the anti-spoofing and anti-phishing technology. This approach also complements the Microsoft broader commitment to interoperability, which we achieve in part through enabling access to our technology.

• Microsoft is committed to working with the IT industry and businesses to help protect consumers and businesses from the blight of online threats. The Sender ID Framework is an email authentication specification that helps address domain spoofing - a common tactic used for the spread of spam, phishing, malware and other exploits in email - by verifying the domain name from which an email is sent.

• After more than two years (2003 to 2006) of worldwide deployment to over 600 million users, Sender ID already enjoys broad industry support, with approximately 36% of all legitimate email sent worldwide Sender ID compliant and an estimated 5.5 million domains worldwide protected by Sender ID. Adoption of the Fortune 500 has increased from 7% a year ago to over 23% in year two.

• Email authentication and the ability of validating the identity has become critical in the face of the increase sophistication and online threats being propagated. With Sender ID senders and receiving networks are afforded an additional layer of safety and security from these exploits.

• Sender ID provides significant business value at no cost and impact to performance. Today business throughout the world are realizing enhanced brand and user protection while realizing improved deliverability of legitimate email. With the addition of Sender ID and the sender's reputation, false positive are able to be reduced to nearly zero while false negatives being reduced by over 80%.

• Where can I download the Sender ID specifications?

  • RFC 4405 - SMTP Service Extension for Indicating the Responsible Submitter of an E-Mail Message

  • RFC 4406 - Sender ID: Authenticating E-Mail

  • RFC 4407 - Purported Responsible Address in E-Mail Messages

  • RFC 4408 - Sender Policy Framework (SPF): Authorizing Use of Domains in E-Mail, Version 1

Open XML File Formats

• What are you doing by adding Ecma Office Open XML to the Open Specification Promise (OSP)?

• We are giving potential implementers of Ecma Open XML the ability to take advantage of either the covenant not to sue or the OSP, at their choice. Microsoft had already stated that it offers an irrevocable covenant not to sue to anyone wishing to implement the formats. We understand that some may prefer the new OSP, which we'd like to facilitate.

• Why are you applying both the covenant not to sue and the OSP?

• Some have asked whether we would apply the OSP to Ecma Office Open XML. We don't know whether some will choose the OSP over the CNS, but we want to make that an option.