« March 2012 | Main | May 2012 »

April 2012

04/09/2012

An Introduction to the ISO/IEC 19770-3 SAM Standard Software Entitlement Tag

By John Tomeny, Convener, ISO/IEC 19770-3 Development Group

In a recent blog post, Mathieu Baissac shared some thoughts on the ISO/IEC 19770-3 software entitlement tag. Following is an introduction for everyone in case you are not familiar with the ISO/IEC 19770-2  and -3 software entitlement tag.

The ISO/IEC 19770-3 SAM Standard is a technical specification for software entitlement tags. A software entitlement tag is a digital encapsulation in an XML format of licensing rights and limitations, and optional licensing metrics. The specific information provided by a software entitlement tag can be used to ensure compliance with licensing rights and limits, and to optimize licensing usage and costs.

The software entitlement tag will be delivered through the procurement process of software licences. It applies to both volume and retail procurement processes as well as delivery of open source, shareware, evaluation, and not-for-resale software products. In the volume procurement case, software entitlement tags will typically be received and managed centrally by a customer together with other software asset data.

A software entitlement tag allows for reconciliation of entitlements with software installed and/or used by customers. When a software entitlement tag has been created and electronically signed by a software publisher, it can be used for demonstration of entitlement ownership by a customer.

The following comparison of an ISO/IEC 19770-2 software Identification tag with a software entitlement tag will help to better understand the software entitlement tag:

  • ISO/IEC 19770-2 software identification tags typically travel with the software package and are stored on a computer's disk during installation of the software package.
  • ISO/IEC 19770-3 software entitlement tags typically travel with the software license ("entitlement") purchasing documents and therefore may have many different delivery methods and timings.
  • ISO/IEC 19770-2 software identification tags have no unique instance identifier per instance of tag. If a customer has two copies of the same software product then they have two identical ISO/IEC 19770-2 software identification tags.
  • ISO/IEC 19770-3 software entitlement tags usually have a unique identifier per instance of the tag. If a customer acquires entitlements for two copies of the same software product at different times, each instance of the software product will have a unique software entitlement tag with a unique ID.
  • ISO/IEC 19770-2 software identification tags do not specify a quantity
  • ISO/IEC 19770-3 software entitlement tags contain quantity and units of measure. One instance of a software entitlement tag may entitle many instances of a software package. Additionally, one instance of a software package may have many software entitlement tags – as entitlement rights to use particular features are acquired.
  • ISO/IEC 19770-2 software identification tags contain no entitlement, or "right to use", information – ISO/IEC 19770-2 software identification tags contain only "software identification" information.
  • ISO/IEC 19770-3 software entitlement tags contain specific details about the entitlement rights granted for a particular software product, as well as details about entitlement limits, and how those rights and limits can be measured.
  • ISO/IEC 19770-3 supports software asset management (SAM) processes as defined in ISO/IEC 19770-1. It is also designed to work together with software identification tags as defined in ISO/IEC 19770-2.

Standardization of software entitlements provides uniform, measurable data for both the license compliance, and license optimization, processes of SAM practice. Software entitlement tags benefit all stakeholders involved in the creation, licensing, distribution, releasing, installation, and ongoing management of software and software entitlements.

If you're interested in learning more, just ask...

John Tomeny is a twenty-year veteran of the SAM/ITAM industry, the Convener of the ISO/IEC 19770-3 SAM Standards development group and a co-author of the ISO/IEC 19770-2 Software Identification Tag standard.  He is a distinguished recipient of the IAITAM Fellow designation from the International Association of IT Asset Managers, and winner of the CODiE Award for "Best Asset Management Solution".  John is VP of Sassafras Software, the publisher of  "K2 - KeyAuditor & KeyServer". John serves as chief ITAM consultant and trainer to Sassafras's North American and European customers.

Posted by on 04/09/2012 at 04:18 PM | | Comments (0) | TrackBack (0)

04/05/2012

What is the ISO-19770-3 Standard and How Will it Make Software License Compliance Easier?

By: Mathieu Baissac

I've had the honor of being part of the working group that has been creating the
ISO-19770-3 standard for the last few years.

The scope of the ISO/IEC 19770-3 standard for software entitlements is quite large:

  • Provide customers a mechanism to receive, in a standard format, a recording of their entitlements
  • Establish processes by which this information moves from Publishers through the channel and to the customers
  • Provide mechanism for customers to create their own -3 tags (in case publishers do not provide them)
  • Provide enough information in the tag itself so that:
    • Customers can understand rights and limitations
    • Customers can potentially validate actual compliance  and optimize licensing
      • 

This standard defines, at a high level, the 19770-3 tag as:

            A software entitlement tag is a digital encapsulation in an XML format of:

  • Rights and limitations which have been conveyed to a customer
  • Optional detail metrics which can be used to ensure compliance with the rights and limits.
    • 

This standard does not limit the definition of entitlements to just "license" – but instead describes "rights to use" and "rights to access." This broad definition was adopted as recognition that software licensing models are changing and therefore customers will need to understand all their rights – regardless of whether they purchased a SaaS service, a perpetual license, a term license or maintenance and support.  To determine their compliance position, customers must understand all of these details.

This standard includes the whole concept of providing "metrics" to validate compliance. The standard includes concepts like "test methods" including test values, scripts and URL so that customers can test compliance. We examined a variety of licensing models – including hardware (processors or CPUs), per device, user-based, client access licenses, virtualized guests, etc. 

The standard captures the limits for each entitlement including time (e.g., perpetual vs. start/end date), geographical limits (e.g., can only use it in country X), customer type limits (e.g., only for education), language limits (e.g., can only use the French version), platform limits (e.g., can only use on x86-32), environment limits (e.g., "production" vs. "test"), as well as the ability to apply any number of other limits. By standardizing how these limits are expressed, publishers and customers can both help customers stay compliant.

This standard also enables publishers to provide a lot of additional information including contract information, rules for true-up, purchase information (including channel partners, product names that they use, etc.), auditor, and even activation information. All of these are optional elements which can assist the publisher in better informing the customer.

This standard recognizes that entitlements change as part of a lifecycle. Consequently this standard has lifecycle concepts like revoke, archive, upgrade and deployment concepts such as retail distribution, channels, OEMs, open source, and SaaS to name a few. The standard includes a large number of scenarios such as maintenance renewals, partial upgrades, add-on purchases, edition migration, capacity adjustments, location transfers, evaluation to perpetual conversions, conveyance of secondary use rights, bankruptcy, and true-up. The goal is to provide guidance on what type of entitlement information should be provided under these circumstances.

Lastly, this standard was written to co-habit with the ISO/IEC 19770-2 standard for software identification. Once publishers start supporting both, then customers will be able to answer comparative questions like "what do I have installed" compared to "what do I have the right to install/own/have" or "what is my company using" compared to "what does my company have the right to use" and "how do I validate that I'm using this correctly?"

I look forward to the publication of ISO/IEC 19770-3 and how Flexera Software can help publishers and customers use the standard to improve their understanding and overall management of software licensing.

Posted by on 04/05/2012 at 10:00 AM in Entitlement Management, License Models, Software Compliance, Software Licensing | | Comments (2) | TrackBack (0)

Entitlement and Compliance Management: Talking Successful Software is a resource for software producers and high-tech device manufacturers in licensing and entitlement management.

Follow Us
 Flexera Software
 InstallShield

Recent Posts

Categories

Archives

White Papers

Flexera Software