An open licensing spec built on standards you already know.
OpenRSL is an open spec using standards you already know: robots.txt, RSL, OLP, CAP. Self-host the validator, ship your own implementation, or talk to the reference servers.
The open-source repository has the spec, reference libraries, a reference OLP token server, and end-to-end examples. For deeper context, including implementation decisions, design notes, and the project development history, you can request access to the OpenRSL internal repository.
Adding OpenRSL to your website is simple and fast. Once your site and pages are configured as a set of data assets ready for licensing, you will be in full control of how AI can use those data assets.
Implement as much as you need.
The spec layers into three levels that build on each other. Ship Level 1 to put your terms on the record, then add accountability and settlement when you’re ready. One standard throughout.
Declare your terms
Publish an rsl.xml manifest of allowed uses and prices. Crawlers can read it; nothing is enforced yet, but your terms are on the public record. No backend to run.
Make it accountable
Add the OLP token server, self-hosted or via PDS. Crawlers must accept your terms and present a signed ticket for the use they intend, so every request leaves an auditable trail.
Get paid
Connect a payment backend such as Stripe through the pluggable adapter. Every licensed use settles automatically and issues a receipt.
Run the local OLP server.
Clone the reference implementation, start the OLP server with the mock payment provider, then verify the JWKS endpoint. This is the first successful loop.
git clone https://github.com/openrsl/openrsl.git cd openrsl/olp-server npm ci --ignore-scripts npx tsc PAYMENT_PROVIDER=mock node dist/index.js
curl http://localhost:3000/key
Success is a JWKS response with one ES256 key. Keep the server running while you try the crawler or publisher examples.
-
Run →Crawler demoRequest a ticket and confirm the CAP header is sent. With the mock server, the content fetch ends in the expected 404.
-
Run →TypeScript publisherServe a real gated route: unauthenticated requests get 403, licensed requests get 200.
-
Read →Protocol overviewRead the RSL, OLP, and CAP concepts after the local server is working.
The three moving parts.
rsl.xml
The manifest. Declares which assets are licensed, what types of use are permitted, and the price. Key fields: asset uri, license type (valid values: ai-train, ai-summarize, ai-cite, ai-inference), price currency, unit (valid values: per-token, per-request, per-article), contact.
OLP
Open Licensing Protocol. The token endpoint. A crawler POSTs to /token with intent and asset params and receives a signed ticket. Verify a ticket with GET /introspect.
CAP
Content Authorization Protocol. How the ticket is presented. The crawler attaches Authorization: License {ticket-id} to its content request. The server validates and logs it.
What the server says when something is wrong.
402 Payment Required // license exists, no valid ticket presented 403 Forbidden // this license type is not available 404 Not Found // asset not in manifest 401 Unauthorized // ticket presented but invalid or expired
{ "error": "ticket_invalid", "message": "Ticket a91f2c has expired.", "asset": "/article/the-old-deal" }
Test your implementation.
A conformance test suite is in development in the repository under spec/. It covers manifest validation, OLP token flow, and CAP header verification.
View the spec directory on GitHubWhat has changed.
Initial reference implementation. Python, PHP, and TypeScript libraries. OLP server. End-to-end demos in each language under /examples.