IS ISO 19770 going far enough?

OK, I think everyone following my posts knows by now that I believe these tags are an important step in solving the challenges associated with Software Asset Management.  But, I really haven’t talked about whether this is enough or not.


Before I go further, let me review the different parts of this standard:


-1 – Established a set of best practices for implementing SAM


-2 – Created a first industry standard mechanism for identifying software installations


-3 – A proposed extension of the -2 standard focused on providing license model information


This is all I am aware of at the moment.  But, is this enough?  I don’t think so.  This is a series of great steps.  We are defining a set of best practices, which is great.  We are standardizing the collection of data, that’s awesome.  All of these are important in solving the SAM challenges.  But, we are not yet collecting enough data to make asset management truly simple.


The -2 and -3 standards will tell you items such as the name of the vendor, software title and version and type of licensing the application uses.  But, one very important piece is still missing.  We still don’t know how many licenses we are consuming.


I am not going to go into the details about some of the wild and crazy licensing schemes vendors have come up with.  All justified, at least in their minds.  Inventory Discovery tools, such as HP DDMI, do good job collecting all the data that is available – ISO 19770 standards will help, of course.  But, the existing standards will still not help the SAM professionals to reconcile licenses in use for many applications.  How do you get data for “per user” licenses?  That’s where I believe we will need a “-4” standard.  Only then we will have information about the software and manufacturer, type of licenses used and number of those licenses CONSUMED.

Comments
SteveKlos | ‎04-28-2010 04:40 PM

My view on this is that 19770-3 has this effort in scope.  The key for -3 is that the tag standard specifies the data (or metrics) that must be collected to know if a license entitlement is consumed in addition to the comparison.

It's important to realize that the -3 standard is *NOT* based on  language terminology.  There will be elements available for a publisher to provide details on which license type is used because customers are familiar with those terms.  However, as you've pointed out, the terms do not specify how to measure entitlement consumption.  Additionally, there is no way any organization can "standardize" licensing terms because these terms are often used for marketing purposes.  Trying to standardize licensing terms would not go over well in the market :-).

So, to your question - a 19770-3 tag for a usage based license would have something like the following (note, these are not committed terms, I'm writing them using a pseudo-code  approach to get the idea across.

 - you purchased the rights to have 100 copies of product XYZ from Acme Example company in use throughout your organization at any one time.  There is no restriction on the number of installations.  Usage is determined by the application file xyz.exe being run on a computing device.

The tag may look something like:

General tag data - typically used for reporting, grouping, etc:

 - regid:  regid.1999-01.com.acmeexample

 - product:  xyz professional

 - terms: per use basis

 - quantity:  100

Specific entitlement information:

 - entitlement metric

     + track type:  process execution

     + track data: xyz.exe

     + track compare:  concurrent

 - entitlement quantity:  100

Note that this does not provide the measurements, that's for discovery, tracking, SAM and desktop management tools to manage.  The key is to provide the information required to know what data to collect and what to compare it to.

Obviously, if this cannot be achieved in the -3 specification and we need to limit scope, additional standards will be necessary - agreed.  However, I believe what you're discussing can be determined based on the -3 entitlement standard...

(anon) | ‎04-29-2010 05:59 PM

My view on this is that 19770-3 has this effort in scope.  The key for -3 is that the tag standard specifies the data (or metrics) that must be collected to know if a license entitlement is consumed in addition to the comparison.

It's important to realize that the -3 standard is *NOT* based on  language terminology.  There will be elements available for a publisher to provide details on which license type is used because customers are familiar with those terms.  However, as you've pointed out, the terms do not specify how to measure entitlement consumption.  Additionally, there is no way any organization can "standardize" licensing terms because these terms are often used for marketing purposes.  Trying to standardize licensing terms would not go over well in the market :-).

So, to your question - a 19770-3 tag for a usage based license would have something like the following (note, these are not committed terms, I'm writing them using a pseudo-code  approach to get the idea across.

 - you purchased the rights to have 100 copies of product XYZ from Acme Example company in use throughout your organization at any one time.  There is no restriction on the number of installations.  Usage is determined by the application file xyz.exe being run on a computing device.

The tag may look something like:

General tag data - typically used for reporting, grouping, etc:

 - regid:  regid.1999-01.com.acmeexample

 - product:  xyz professional

 - terms: per use basis

 - quantity:  100

Specific entitlement information:

 - entitlement metric

     + track type:  process execution

     + track data: xyz.exe

     + track compare:  concurrent

 - entitlement quantity:  100

Note that this does not provide the measurements, that's for discovery, tracking, SAM and desktop management tools to manage.  The key is to provide the information required to know what data to collect and what to compare it to.

Obviously, if this cannot be achieved in the -3 specification and we need to limit scope, additional standards will be necessary - agreed.  However, I believe what you're discussing can be determined based on the -3 entitlement standard...

SteveKlos | ‎04-29-2010 06:02 PM

My view on this is that 19770-3 has this effort in scope.  The key for -3 is that the tag standard specifies the data (or metrics) that must be collected to know if a license entitlement is consumed in addition to the comparison.

It's important to realize that the -3 standard is *NOT* based on  language terminology.  There will be elements available for a publisher to provide details on which license type is used because customers are familiar with those terms.  However, as you've pointed out, the terms do not specify how to measure entitlement consumption.  Additionally, there is no way any organization can "standardize" licensing terms because these terms are often used for marketing purposes.  Trying to standardize licensing terms would not go over well in the market :-).

So, to your question - a 19770-3 tag for a usage based license would have something like the following (note, these are not committed terms, I'm writing them using a pseudo-code  approach to get the idea across.

 - you purchased the rights to have 100 copies of product XYZ from Acme Example company in use throughout your organization at any one time.  There is no restriction on the number of installations.  Usage is determined by the application file xyz.exe being run on a computing device.

The tag may look something like:

General tag data - typically used for reporting, grouping, etc:

 - regid:  regid.1999-01.com.acmeexample

 - product:  xyz professional

 - terms: per use basis

 - quantity:  100

Specific entitlement information:

 - entitlement metric

     + track type:  process execution

     + track data: xyz.exe

     + track compare:  concurrent

 - entitlement quantity:  100

Note that this does not provide the measurements, that's for discovery, tracking, SAM and desktop management tools to manage.  The key is to provide the information required to know what data to collect and what to compare it to.

Obviously, if this cannot be achieved in the -3 specification and we need to limit scope, additional standards will be necessary - agreed.  However, I believe what you're discussing can be determined based on the -3 entitlement standard...

(anon) | ‎04-29-2010 11:17 PM

Hi Dan,


Thanks for all of the interest you have been demonstrating in the work of developing the ISO/IEC 19770 SAM Standards.  I am the Convener of the 19770-3 working group, which is building the international standard for software entitlements.


The goal of our work definitely encompasses the concern you have raised here about identifying and measuring consumption of licenses.  As you know, ISO/IEC 19770-3 is under development now. When finished, it will provide a framework and criterion of measurement for creating unambiguous definitions of entitlements to assist in effective software reconciliation, cost reduction in software license management, and proof of compliance.


The 19770-2 tag includes elements that define the software package installed and also identify which of those software programs constitute "usage" (consumption) of the software.  But since -2 is focused on software identification, it does not define consumption of the license "entitlement".  That is the job of 19770-3.


Standardization of software entitlements will provide uniform, measurable data for the license compliance processes of Software Asset Management ("SAM") practice, making it possible to optimize reconciliation of software with licensing entitlements.


We are not defining software license models: "Per-device", "Concurrent-use", Client Access License. That would be a relatively simple task. But it would not serve the purposes of this standard well. We are instead, translating usage rights into machine readable meta-data. Each software entitlement permits the licensee to exercise certain measurable actions with the software. Our goal is to provide a framework that will make it possible to 1. create unambiguous definitions of entitlements, and 2. define the unique measurable actions that will prove compliance.


Examples of Measurable Actions ("Usage Metrics")


- Per-device licensing unit of measure = maximum number of installed copies.


- Concurrent-use licensing unit of measure = maximum number of current product launches.


- Capacity-based licensing unit of measure = maximum clock speed (MIPS).


- Client-access licensing (CAL) unit of measure = not clearly defined: sometimes Per-device and sometimes Per-seat (concurrent logons).


With -2 and -3 in place, SAM tools will then be able to read the usage metrics from the -3 tags and measure usage of software products as defined and identified in the discovered -2 tags. Reconciliation of licensing is then reduced to an automated process that can be conducted with little or no human intervention. A further benefit to the standards is that licensing optimization for cost reduction can also be easily identified through the same processes used to report compliance levels.


These two concepts; reconciliation and optimization (cost reduction) are complimentary parts of understanding our "licensing position".


For more details about 19770-3 development, you may visit http://www.sassafras.com/iso/


John Tomeny


VP, Business Development


Sassafras Software Inc.


603-643-3351


http://www.sassafras.com


IAITAM Fellow


Convener, ISO/IEC 19770-3 OWG - Software Entitlements Tag standard

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.