Microsoft, Apache POI and the Open Specification Promise

I have been working with Sam Ramji and Robert Duffner from Microsoft, and I have been very pleased to resolve the issues that I had with the work they are funding for the Apache POI project. Not only has Microsoft addressed the concerns that I had with regards to patents and OOXML, but they have gone a step further and added the binary formats to the list. By publishing their clarifications to the Open Specification Promise (OSP), Microsoft has acted both in good faith and purpose. For me personally, this is a big step forward. At one time, I donated my Open Source project to Apache, partially out of fear of Microsoft. Now, Microsoft is becoming a key contributor to this project.

Although the OSP does not address some of the edge cases where work may be required for compatibility but not for implementing the specification, Microsoft has agreed to go further and sign a specific agreement with Apache which will address this concern for the work they have funded with POI. Furthermore, the OSP will be managed as a legal product much like the way that an Open Source project is, with revisions as they are needed.

It is prudent for the Open Source community to work cautiously with any large corporation. Having dealt in the past with Sun and IBM, I know that any such relationship will have its ups and downs. Microsoft has had an adversarial relationship with the Open Source community, including making vague and unsubstantiated patent claims towards Linux, but there are good people at Microsoft working in good faith to bridge this gap. While individuals at Microsoft may do this for altruistic reasons, companies behave in this way due to rational self interest. Therefore, as open source technologists, we can compete with Microsoft in some areas (hopefully not in the courtroom), and cooperate in other areas. This situation is, fortunately, an area of the latter.

For my part, I look forward to further cooperation with Microsoft. It has been a pleasure working with Sam Ramji and Robert Duffner. I might not have had this opportunity had it not been for a certain OSI Board member / Open Source diva along with Sam Ruby. Thanks.

-Andrew C. Oliver Professional Open Source Developer Founder, Apache POI Member, OSI


That is nice. Is this a specific change just for Apache/POI? Or does it address all the issues the SFLC found with the OSP?

This is in response to the SFLC comment below. There is a bug that prevents me from replying directly. I feel that "Irrevocable but Only for Now" is probably something we should clarify in the future. This was not an issue I tried to address. I will look into it. I'm not validating the issue or refuting it just saying "good one, I'll look into it". I feel that "The OSP Covers Specifications, Not Code" is sufficiently clarified in Microsoft's response and the OSP itself. I also don't know that the legal people that I consulted with agreed with the SFLC on this issue. I actually don't think it was that unclear in it actually says "... any implementation" which kind of makes this a misunderstanding of what an implementation is I guess. I feel that "No Consistency with the GPL" is not relevant for Apache POI which is licensed under the Apache License 2.0. It is possible that there may be incompatibilities between the GPL and the conditions of the OSP. However, this is not unique to the OSP and as I understand it there is a general problem of the disjointedness between Copyright law and Patent law. The OSP is a covenant not to sue over PATENT issues and is between Microsoft and anyone who is "making, using, selling, offering for sale, importing or distributing any implementation" of their covered specifications outlined. For POI I am only interested in whether it is compatible with the spirit/law open source definition and for consistency sake the 2.0 version of the Apache License. Also note that I am not trying to fix any kind of global issue here. I'm just a coder who has been fortunate enough to be successful with that code. I feel a great deal of responsibility to those who helped me succeed and more particularly with POI. I am just working to make sure that trust was not misplaced and that I guard that POI stays safe for them to use. POI is not one of these purist open source projects. Indeed it runs afoul of other interests in the open source and open standards community in that it is there strictly for compatibility with predominantly Microsoft products. Namely, I originally started it so Solaris and Linux servers could output reports to Excel. Microsoft has developed a clear interest in this area where in the past they might have viewed it through the glasses of platform competition (Java, Linux, Unix, etc) in the server market. As I commented in Sam's blog. The OSP clarifications are only step 1 in this process. The next step is ensuring the patents are available to the whole scope of POI. Meaning "compatibility" rather than strictly implementations of the specifications writ. Meaning patents on XML parsers and whatever will also be involved in any OOXML implementation by POI. There are those patents that may not be necessary, required, etc for implementing the specification but for reading and writing files in the wild (i.e. a report written by a bad implementation). This will for POI can be addressed by a specific agreement with Microsoft. Globally, however, I'd like to see Microsoft treat Open Source like a "commons" or "patent safe zone". I see this as in their long term interests as they are probably even more frequently targeted by patents as open source as a whole. However, Microsoft is taking positive steps in the case of POI and Apache generally. They should be thanked for that. Engaging Microsoft in the open source community is ultimately in my view a great success for Open Source and Microsoft.

To promote and protect open source software and communities...

For over 20 years the Open Source Initiative (OSI) has worked to raise awareness and adoption of open source software, and build bridges between open source communities of practice. As a global non-profit, the OSI champions software freedom in society through education, collaboration, and infrastructure, stewarding the Open Source Definition (OSD), and preventing abuse of the ideals and ethos inherent to the open source movement.

Open source software is made by many people and distributed under an OSD-compliant license which grants all the rights to use, study, change, and share the software in modified and unmodified form. Software freedom is essential to enabling community development of open source software.