Alex Barnett blog


Open Source in a SaaS World

About a year ago, I took part in a meeting where the question: "What does open source "mean" in a SaaS world?" came up in conversation.

A year later, that same question is becoming increasingly pertinent as the IT industry's move to Software-as-a-Service (SaaS) and cloud-based computing accelerates.

For Bungee Labs (I work there), where

  1. we provide an entire platform-as-a-service  (PaaS)
  2. developers create, share and re-use code and deploy apps in the cloud
  3. developers "consume" and program against third party web apis and will create their own

...the "meaning" of FOSS is central within these different contexts and has many possible answers with many non-trivial implications...Three dimensional chess as it were.

Three-dimensional chess in the 23rd century.

(pic source: Memory Alpha, the Star Trek wiki)

For this post, I want to share some of the considerations relating to # 1) above: the context of open sourcing Bungee Labs' own system (Bungee Connect). Last month we stated that:

"Bungee Labs is evaluating several Free and Open Source Software (FOSS) licenses for the software components that comprise the complete Bungee Connect system. However, the task of reviewing the various FOSS licenses, and then identifying which of them best aligns with the software components and subsystems created by Bungee Labs–as well as ensuring compatibility with third-party components upon which Bungee Connect relies–requires considerable review and source code preparation. And we want to do this right, with the community’s involvement."

Since and before that announcement, Ted Haeger (who runs the Bungee Connect Developer Network) has been discussing some of the issues at hand and some of the options we see before us with some very "FOSS savvy" communities at events such as Socal Linux Expo, LugRadio Live USA and LinuxFest Northwest and of course with Bungee Connect's own growing developer community.

Today there's an interesting conversation going on between Ted and Simon Wardley, ex-COO of Zimki / Fotago who resigned last year over the company's decision not to open source their platform (the video of his announcement at a OSCON 2007 talk he gave "Commoditisation of IT and What the Future Holds" makes for entertaining and informative viewing all of its own...Simon discusses open source in a SaaS context. Update: Simon let me know of this video which also includes the slides

Anyway, back to the thread:

All three posts (and more to come no doubt) make an informative and interesting read, but I want to highlight one of the key issues in discussion.

The SaaS Loophole

The issue goes back to the question: "What does open source "mean" in a SaaS world?" and specifically the licensing issues. I'm going to quote and edit from Ted's post somewhat  liberally (Ted owes me a Sushi, so we're quits now :P ) and isolate an (if not "the") open source licensing issue in the context of SaaS (my emphasis):

"Personally, I think that GPLv3 is the wrong license for freeing any SaaS or PaaS offering. The Free Software Foundation has a better license for this purpose.

GPLv3 is inadequate because it does not mandate that modifications that others make be opened. Originally, GPLv3 was planned to close up the “SaaS Loophole” (a.k.a. the “ASP Loophole”) in GPLv2. However, as I understand it, several large companies pressured the FSF to remove the key clause that would have closed the loophole.

What is the loophole? It’s this: if you take free software and offer it as a hosted service, then you are not conveying the software, and are therefore not obligated to reciprocate your modifications to the original code. In the context of service providers, GPLv3 is effectively the same as the BSD license. Many companies, Google among them, live inside this loophole. (For now, Bungee Labs is also in that camp.) Some remain there deliberately. Others are in it simply as a matter of course…that is, where they are in their business development process."

So that's the "SaaS loophole". Where's the loophole now? Ted explains:

"Perhaps the argument could have been made in the age of GPLv2 that the SaaS Loophole was an oversight, but now that GPLv3 has the loophole by design, it’s really no longer a loophole. The latest version of the license supports the practice. (And just to be clear, I am not advocating this for Bungee Connect.)

...Say Bungee Labs opens Bungee Connect under GPLv3. Is there a danger that small companies could replicate our offering? I don’t think that’s the case. But could a well-funded company do the same, fork the code, and then fund an engineering team to outpace the original inventors?

...The Free Software Foundation also provides the GNU Affero General Public License version 3, or AGPLv3. AGPLv3 specifically closes the SaaS loophole. Instead of being triggered by conveying the software, AGPLv3 is triggered by accessing the service. This helps to reduce the risk that a company could not branch the code and then out-engineer the originators, as the vulture company would be obligated to share-alike terms with their derivations."

So, is the AGPLv3 the right license for Bungee Labs to pursue?  Is it the right license for SaaS providers? Is it enough on its own? (back to Simon Wardley's point in his post). Each company has their own unique circumstances and they each need to think through the 3D chess game. We're still working it out at Bungee Labs.

For us at least, I think some of the potential answers are becoming clearer, and others not yet. But it is the kinds of discussions that Ted is having with Simon that are a critical part of Bungee Labs' decision making process around FOSS. It cannot be an insular process.


Simon Wardley said:

Hi Alex,

I've posted a better video of the OSCON talk (which includes the actual slides).

In the case of open sourcing a platform for building applications such as BungeeLabs', you mind find yourself dealing with issue which is a transition in mindset, from a product focus to a service focus.

This is often particular difficult as many people are wedded to the idea that competitive advantage is in the product or technology, whereas in a service world competitive advantage for the provider is in the operations and hence the service itself.

This service world will ultimately lead to marketplaces, and portability will become key. Some companies will make the shift towards service providers, some IT product companies will find niche product roles and some will ask "What happened?" as the administrators turn up.

As for the chess game, you are absolutely right there is no one single solution and it all depends upon what you are trying to create. If you're going for the marketplace then GPLv3 & Trademarks & Partner Program is an ideal approach, however you may have other plans.

# May 16, 2008 3:34 AM

alexbarnett said:

Simon, thanks for the links. Video with slides is better :-)

The points you're making re: competitive advantage existing at the operations level (and hence the QoS itself) and portability are very interesting.

Re: portability and the issue of lock-in -

Last month we announced Bungee Application Server + source code access (see the proposed licences here - Commercial and R&D) in response to customer feedback, plus another announcement providing the option for customers to to run the Bungee Grid on EC2. Do these solve the all portability questions? No, we do think it addresses some of the questions raised in your post though, but not all. Still more to think about and do.

The repuation & trademarks, Partner Program / market place approach is another good set of ideas we can think through (and one that may be entirely interoperable with the Affero v3 license).

Thanks for taking the time to interact with us.

# May 16, 2008 5:45 AM

TrackBack said:

# June 5, 2008 6:44 PM

Alex Barnett blog said:

Well, the great Bungee Jump has come. Martin Plaehn, CEO of Bungee Labs has shared the news of the company

# August 27, 2008 6:36 PM