Centrify's Tom Kemp: Here's the map to avoiding Microsoft's patent minefield

On February 21 of 2008, just two months ago, Microsoft announced "strategic changes in technology and business practices to expand interoperability." These changes would be incorporated into a set of "Interoperability Principles" that would provide API and protocol documentation for connectivity to and from its "high-volume business products," naming specifically Windows Vista, Windows Server 2008, SQL Server 2008, Office 2007, Exchange Server 2007 and Office SharePoint Server 2007, and any future versions thereof.

On the day of that announcement, Microsoft published 30,000 pages of protocol documentation, and added another 14,000 pages in the beginning of April 2008. With this documentation Microsoft also wanted to make it clear that intellectual property -- in the form of patents -- was associated with them. In a Q&A related to the February 21 press release, Microsoft executive Bob Muglia stated that the company would

"allow open source developers to access these protocols for free for development and non-commercial distribution. For commercial distribution, Microsoft will license related patents on reasonable and non-discriminatory terms, at low royalty rates."

After the publication of these documents, the Gartner Group issued an advisory to the effect that Open Source developers should avoid accessing this information unless they had "rigorous processes to keep track of applicable patents". The big question, at the end of the day: How exactly was a developer to know which protocols and functionality were patented and which were not? Although Microsoft published two distinct lists of applicable patents, the MCPP Client Protocol list and the WSPP Server Protocol list, it was not apparent how they mapped directly to the protocols listed in the vast documentation itself.

A few weeks ago, during my own investigation into these issues, I contacted Centrify Corp's CEO, Tom Kemp. Centrify is one of my favorite Linux and UNIX ISVs -- the Mountain View, California-based company is known for their flagship software product, Centrify DirectControl, which permits virtually every distribution and every flavor of UNIX to authenticate natively against Microsoft's Active Directory, using a reverse-engineered implementation of Microsoft's proprietary enhancements to the Kerberos protocols. Centrify also sells and supports a commercial implementation/distribution of SAMBA. Surely, if anyone could make sense of this protocol and patent mess and what this meant for Open Source and Commercial Linux/UNIX developers, Tom could.

Well, as it turned out, Tom spent a good deal of time analyzing the list of protocols and cross-checking it against patent lists -- a non-trivial task considering the volume of information published and the number of protocols involved. But what Tom came up with after he was done is astounding. According to his research, roughly 80 percent of Microsoft's server protocols do not appear to have patents filed or patents assigned in the United States.

Tom has even gone so far as to publish a "Map" of which protocols are patented and which are not, in a post that he published this morning on his personal blog on the Centrify web site.

If such a small percentage of these protocols are patented, why did Microsoft offer the world a patent license as well as a copyright license to access its server protocols in October of 2007? The copyright license was a flat fee of $10,000, but if you wanted a patent license, you had to pay on top of that a per-copy royalty which would give access to the documentation, plus a patent license on a set of Microsoft patents said to be relevant to the workgroup server protocols. Remember that this all came about because of the EU Commission decision in 2004, which was appealed, and then finally confirmed in September of 2007.

It seems that the majority of patented protocols stem from Microsoft's Active Directory Replication, which has 10 patents assigned to it in and of itself -- roughly 20% of all the server protocols, and another 4 are assigned just for DCOM. Given that SAMBA is looking to implement a native Active Directory domain controller in Open Source with SAMBA 4, it would appear that this is where a good portion of their licensing money went -- although at the time it was explicitly said to license the Windows copyrights, not the patents, as GPL3 prohibits incorporating software patents into Open Source projects that use it. Or at least most of us believe Microsoft knew it did.

But if you are looking to simply authenticate against a Windows network, or to share files and data using SMB and related protocols, chances are you can implement those protocols and functionality in your Open Source project or commercial product without worrying about paying Microsoft a single red cent or having any further concerns about litigation. For a company like Centrify, which makes its living on Active Directory and Windows networking interoperability products for Linux and other open systems, Tom's Patent Map would appear to be a godsend.

This does bring up further questions, however. Does any commercial Linux distribution that packages SAMBA, for instance, also come under the auspices of Microsoft's licensing agreement with that project? Or are Red Hat and Oracle -- or even Centrify's competitors such as Likewise (who uses SAMBA's WINBIND to provide Active Directory authentication, unlike Centrify's unique implementation) -- suddenly going to be the targets of licensing extortion by virtue of packaging it with a commercial software distribution? And for that matter, is Novell off the hook for being Microsoft's strategic ally?

It would seem that now that we have a patent map, it would make sense for projects such as SAMBA to keep an internal "fork" of a version of their software that is completely unencumbered by Microsoft patents -- perhaps by creating a modular architecture so that the relevant pieces, such as the aforementioned Domain Controller functionality, can be left out and the entire software project re-packaged as "patent-free" for those companies and end-users who do not want to be the target of possible litigation in the future.

So now that we have The Map, do you feel safer about implementing Microsoft's proprietary protocols in your software projects and products? Talk back and let me know.