I call it the "give 'em enough rope" approach to open source: a commercial software vendor releases some portion of its software portfolio under an open license. Hurrah! Cheers all around.
Look closer, however, and the truth emerges. By itself, the code isn't good for much. It might be a library for developers, or it might only implement basic functionality, leaving out more sophisticated enterprise features. Buying into it means you've accepted that vendor's approach hook, line, and sinker. Yet when you download the code for free it comes without support. Cue the sales pitch.
Sun comes to mind as a recent example. At the Burton Group's Catalyst North America 2005 conference in mid-July, Sun announced that it would release the code for its Web authentication and single sign-on (SSO) software, part of Sun's digital identity software stack.
Identity management is a hot area, so on the surface this would seem like a generous gift. And yet, identity infrastructure is a complex beast, of which SSO is but one small part. When you read between the lines, what Sun's OpenSSO project offers isn't much more than a way for developers to interface with Sun's commercial Java System Access Manager product.
Is that really open source? I'd argue that it isn't - not in the sense of a genuine effort to foster community and build the common base of shared code. This is open source as marketing.
What Sun is selling is the bigger picture. Today the enterprise SSO market is broad and relatively mature, with lots of vendors vying for market share. And Sun has fallen behind. The real challenge on the horizon is identity federation - linking one company's identity infrastructure with those of its customers, subsidiaries and business partners.
But as a founding member of the Liberty Alliance, a consortium that develops and promotes standards for identity federation, Sun definitely has the goods to win the larger race.
To get the ball rolling, however, it needs to steer the conversation away from issues like SSO and toward federation. OpenSSO does just that.
By giving away a feature that's a key component of other vendors' commercial suites, Sun aims to trivialise SSO. Historically, technologies that become commoditised eventually find a home in open source; therefore, an open source technology must be a commodity technology. Plus, as we all know, you get what you pay for.
I can admire Sun's swagger, but I'd argue that this tactic isn't very helpful, mainly because it isn't honest. The open source movement is already about much more than research toolkits and hobbyist projects, as Sun well knows.
What we don't need more of, on the other hand, are sleights of hand, gimmicks, and marketing disguised as open source. OpenSSO may become the dominant SSO technology - who knows?
But what if Sun had made a serious commitment to develop its identity infrastructure products through open source, federation and all?
I'm willing to bet that in the long run, as the software market continues to evolve, companies that are willing to take that last step will be the ones that come out ahead.