Wednesday, June 04, 2008

One Good, One Bad ... Twice.

Let us start with the good. OnSaaS has provided an introduction into the Software as a Service world where it describes a stack of services from the application, to the framework it runs on, to the operating system underneath this. It describes this stacks as SaaS, PaaS (platform) and IaaS (infrastructure). Whilst I dislike the abundance of *aaS terms almost as much as I dislike the growing plethora of *OAs, the division of the the "as a Service" world into a conceptual computing stack is something I'd agree with.

On a side note, IaaS used to be called HaaS back in 2006. I do find that all this term re-invention creates confusion.

What I find unfortunate is their linking (the bad) of the utility computing definition to the term IaaS. Utility computing is a billing and commodity provisioning model whereas "as a service" is simply about delivery methods. Don't confuse the two, they are not the same.

One of the most exciting future developments of the service world is the potential growth of competitive utility computing markets. These markets will be based upon portability between providers and competition in how services are implemented. However, how do you strike the right balance between competition (the difference between services) and yet ensure portability?

As previously explained, over the last year, the optimal way to achieve this is to use a combination of GPLv3 and trademarks. The "SaaS loophole" of GPLv3 allows for competition (an individual service can be modified without releasing the code) whilst preventing the branching of systems into a proprietary product (i.e. any modified code which is provided in a distributed executable must be released). This blend of competition and protection can be enhanced by the use of trademarks to provide compliance information to end users. For example, you can modify the service but you can only use the trademark if you comply to the primitives (which can be tested remotely) and allow for portability (which can be tested remotely).

This perfect storm of competition, protection and portability can be created by using open source software licensed under GPLv3 (or an equivalent) with enforcement of a reputable trademark. If you want to know more about this, then I'd suggest seeking out the counsel of Roberta Cairney. It was my discussion with Roberta which brought out the reasons why the SaaS Loophole was so essential for the SaaS world.

As I said back at OSCON in 2007, GPLv3 is the perfect license for the service world. To close the "SaaS loophole" would reduce the value of the license as it discourages competition and increases the barrier to adoption for no discernible benefit. I said "no discernible" benefit as the idea that you can create portability and compliance by removing the SaaS Loophole is wishful thinking at best. For portability to work, you will need an open sourced standard and the emergence of a compliance authority. GPLv3 is the ideal license for encouraging this to happen.

This view is not universal, as Linux Magazine's doubts1 over the GPL shows. It positively describes Facebook's CPAL (Common Public Attribution License) as an example of what is wrong with GPL.

The attribution term (section 14) of the CPAL is reasonable (the good), as a "powered by FaceBook Platform" lends for the creation of high order, trademark protected forms such as "FaceBook Partner Platform" or "FaceBook Enterprise Platform". Such trademarks can provide end users with useful information on the service provider.

However, I find it unlikely that FaceBook is even thinking in those terms because the CPAL suffers (the bad) from the same flaw as AGPL. Section 15 in effect removes the equivalent "SaaS loophole" which undermines any possible competition or service improvement as well as increasing barriers to adoption by serious providers.

Section 15 .... You must treat any External Deployment by You of the Original Code or Modifications as a distribution under section 3.1 and make Source Code available under Section 3.2.

Though the article states that fbOpen is only asking for attribution, it is in effect asking for a lot more. Under the license, any competitive provider would have to return any operational improvements that they might make in the code.

The "SaaS loophole" is an essential part of competition in a service world.2

Additional Notes:

1.The original phrasing included "tirade against", this was incorrect as I have misunderstood the author's intention - please see comments.

2.The original posting included "and Linux Magazine, in my opinion, is just plain wrong on this matter". I have removed this as my opinion was based upon my misunderstanding of the tone of the original article.