OpenRSL: An Open Licensing Protocol for AI Content Consumption

Introduction

For two decades, the web operated on a stable compact: publishers made content freely accessible; search engines indexed and routed traffic back to publishers; advertising converted that traffic into revenue. Crawlers were expected and welcomed; they brought readers.

AI systems have disrupted this compact at every layer. A model trained on a publisher’s archive can reproduce its reporting without attribution. A retrieval-augmented generation system can surface a publisher’s content in a zero-click answer without sending a visitor. The model provider captures the value; the publisher absorbs the cost.

What is missing is not law or goodwill but infrastructure: a standard, machine-readable way for publishers to declare what they are willing to license, at what price, and on what terms, and for AI operators to discover, acquire, and demonstrate that license. OpenRSL is that infrastructure.

Problem Statement

2.1 The Zero-Click Economy

When a user’s query is answered by an AI system drawing on a publisher’s content, the publisher receives no traffic, no revenue, and no record that their content was used. The publisher’s work was trained on, retrieved, and reproduced, all without consent, compensation, or attribution. Referral traffic from search to publishers dropped measurably in the years following the deployment of generative AI features. The economic incentive to publish is being severed from the act of publishing.

2.2 Existing Defences and Their Limits

robots.txt is the only widely-adopted machine-readable control. It is binary: allow or deny. It cannot express conditional permission, price, or intent-specific terms. It is also advisory; there is no cryptographic mechanism to prove a crawler read it.

Paywalls protect access for human readers but have no enforcement mechanism against crawlers that do not simulate browser behaviour. A paywall behind which content is still indexed is a paywall with a crack.

Litigation is slow, expensive, and available only to large publishers. It addresses past harm; it does not prevent future use or establish a market rate.

None of these approaches establishes a record of what was licensed, to whom, for what purpose, at what price. The gap is not legal but infrastructural.

The OpenRSL Protocol

OpenRSL implements RSL (Really Simple Licensing) end to end. RSL defines the manifest format and the two HTTP sub-protocols (OLP and CAP) that govern how permissions are acquired and presented. OpenRSL provides the reference stack: libraries, an OLP server, and conformance criteria for independent implementations.

3.1 rsl.xml: The Manifest

A publisher declares their terms in an XML manifest at a known location (/rsl.xml), discovered via a robots.txt directive. The manifest is public, machine-readable, and versioned. It states which assets are covered by URI, which term classes are available, the price for each, and contact information.

Each license rule specifies a term class. The defined term classes include:

• crawlIndexing and retrieval of content by a crawler or AI agent.
• trainingUse of content to train or fine-tune a machine learning model.
• useRetrieval and use of content at inference time, including summarisation and citation.
• purchaseOne-time acquisition of content access under agreed terms.
• subscriptionOngoing access to content under a recurring license agreement.
• attributionReference to the content as a source without reproduction.
• contributionUse of content in a derivative work or dataset.
• freeContent made available at no charge under the publisher’s stated terms.

The manifest requires no authentication to read. Any crawler, auditor, or regulator can retrieve and verify it without a prior relationship with the publisher.

3.2 OLP: Open License Protocol

OLP is the token-issuance sub-protocol. A crawler that has read the manifest and agreed to its terms POSTs to the OLP server’s /token endpoint (the OLP server address is declared in the manifest via the server attribute and may be hosted independently of the publisher). The OLP server validates the request against the manifest and issues a signed, short-lived token. The token is the machine-readable evidence that permission was sought and granted.

Tokens can be verified independently via GET /introspect. The verification endpoint is unauthenticated, enabling third-party audit without publisher involvement.

3.3 CAP: Content Authorization Protocol

CAP governs how the ticket is presented when the crawler fetches the asset. The crawler attaches the ticket to the content request via the Authorization: License {ticket-id} header. The publisher’s server validates the ticket, logs the transaction, and releases the asset.

The server’s response to invalid or absent tickets is standardised:

402  Payment Required  // license exists; no valid ticket presented
403  Forbidden         // this license type is not offered for this asset
401  Unauthorized      // ticket presented but invalid or expired
404  Not Found         // asset not in manifest

3.4 The Four-Request Flow

Every compliant transaction follows four steps:

# 1. Discover
$ curl https://example.com/robots.txt  # → RSL-License: /rsl.xml
$ curl https://example.com/rsl.xml      # → manifest: assets, term classes, prices
 
# 2. Acquire token (OLP)
$ curl -X POST https://olp.example.com/token \
    -u 'wallet-id:secret' \
    -d 'grant_type=client_credentials&resource=https://example.com/article/the-old-deal&license=...'
    # → {"access_token":"eyJ...","token_type":"License","expires_in":3600}
 
# 3. Verify (optional, for third-party audit)
$ curl 'https://olp.example.com/introspect?token=eyJ...&resource=https://example.com/article/the-old-deal'
 
# 4. Fetch with CAP header
$ curl https://example.com/article/the-old-deal \
    -H 'Authorization: License eyJ...'
    # → 200 OK · transaction logged · receipt issued

Pricing Model

Publishers set their own prices. The protocol imposes no floor, ceiling, or intermediary fee at the protocol layer. Three pricing units are supported, each suited to a different use pattern:

• per-token Appropriate for training use, where the volume of text consumed is the relevant unit. Enables granular pricing aligned with the actual cost imposed on the publisher’s content.
• per-request Appropriate for summarisation and inference, where each query is a discrete event regardless of response length.
• per-article A flat fee per article accessed under a given license type. Simplifies pricing for archives and single-piece licensing.

Prices are declared in rsl.xml before any ticket is issued. Buyers see the terms before committing. The signed ticket constitutes acceptance of those terms at the stated price.

Audit Trail and Compliance

Every OLP token issuance creates a record: who acquired the ticket, for which asset, under which intent, at what time. Every CAP transaction confirms that the ticket was presented and the asset released. The combination constitutes a per-use audit trail with the following properties:

• Signed: the ticket cannot be forged or tampered with post-issuance.
• Attributed: the crawler’s identity is recorded at acquisition time.
• Time-bounded: tickets are short-lived; a valid ticket at fetch time proves the license was active when the content was accessed.
• Independently verifiable: the manifest is public; any ticket can be verified by anyone with the ticket ID without involving the publisher.

This record is available to publishers, operators, auditors, and regulators without requiring a central authority to adjudicate disputes. The evidence exists at the protocol layer, not behind a platform’s API.

Reference Implementation

OpenRSL ships a complete reference stack under the Apache 2.0 license. Each component is independently replaceable; publishers can self-host the OLP server, use a managed provider, or integrate only the library.

Governance

RSL is an open standard. OpenRSL is the open-source reference implementation of that standard. The protocol is defined by the spec, not by any implementation; any conforming implementation is equally valid.

The OpenRSL project does not operate a central registry, payment network, or clearinghouse. Tickets are issued and verified by the publisher’s own infrastructure, or by a provider of their choosing. Payment settlement is handled by pluggable adapters to existing payment providers; the protocol does not mandate a settlement layer.

This design means no single party can revoke, throttle, or monetise the protocol itself. A publisher who self-hosts the OLP server is fully independent of any network operator.

Conclusion

The breakdown in the economics of web publishing is not primarily a legal or ethical problem; it is an infrastructure problem. There is no standard mechanism for a publisher to express what they will license, at what price, and for what purpose; no mechanism for a crawler to acquire and demonstrate that license; no mechanism for either party to prove what was agreed after the fact.

OpenRSL provides that infrastructure. It is composable with existing web standards, requires no central coordination, and is designed to be independently implementable by publishers, AI operators, regulators, and auditors alike.

The reference implementation is available at github.com/openrsl/openrsl under Apache 2.0.