Slashdot Mirror
How Are Standards Monitored And Enforced?
Pubman asks: "I suspect virtually everyone appreciates the value of standards, especially the open variety. Where would we be without TCP/IP? At my company, we have been going through a continuous process of defining, implementing and enforcing standards. An associate has posed the following question to me. 'How are standards monitored for compliance?' I would appreciate everyone's thoughts on how standards are monitored and enforced on the Internet, by IETF, ISO, NIST, etc. so we can design a process based upon the published and unpublished experience of others.
Thanks ... "
IMHO, There are 3 ways of standardisation:
1) Interoperability. Test your stuff with other peoples' and make sure it works. If it doesn't, good luck selling it. This is the Internet way.
Sometimes comes out very badly - viz. tons of not-quite-RFC-compliant mail servers...
2) Certification. Certification bodies test your product for compliance with a written standard. Of course, this assumes that such a written standard actually exists... This is the best way for non-upgradable stuff - imagine having to upload new firmware to your cellphone every two weeks.
3) Being Microsoft. Not an option for most non-Microsoft companies. May result in antitrust proceedings.
Any technology which is distinguishable from magic is not sufficiently advanced.
For an internet based standard (i.e. TCP/IP) - you pretty much have to go by cooperation. Since the internet was pretty small when it started (read: DARPANET, etc.) and sort of grew into an agregate of individual networks, it was pretty easy for everyone to comply. Now, if you don't abide by the TCP/IP protocols that just about everyone uses on the net, you don't get on the net :-) It's pretty easy to enforce something that has absolutely no reason not to be used. Otherwise, the best way to figure out the standards on the net are, of course, to read all of the RFC's out there. There really is no "enforcement" of these, per se...but they're used because they're good.
As far as a business is concerned, well that's a whole different bag of tricks. Standards, unfortunately, for any size company are going to have to be monitored by individuals...details would be, of course, different from situation to situation. While this works for small companies, large companies will have to figure out how best to utilize manpower to make sure that what works best is actually being implemented.
The best rule of thumb, as far as i'm concerned, is don't standardize something that no one is going to/want to use....anything is enforceable so long as people say "hey...that's a good idea." but you're going to have a hell of a time if everyone is rebelling.
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
"It is seldom that liberty of any kind is lost all at once." -David Hume
Not.
Or at least not by an independent group or even a collaboration of various parties or an organization standing up for consumer rights.
Office file formats have become the de facto standard, not any of the well documented open text/data formatting standards. The HTML specifications are not the standard, the way MSIE renders HTML is. MP4 was embraced and extended/altered by Microsoft even before it was a standard.
There are probably even better examples, and non-Microsoft ones as well. They deserve to be bullied but their are a symptom, not the disease. The real disease are the huge companies:
Five years ago there was a lot of rumble about mega-fusions resulting in mega-corporations. I shrugged. Now, I see AOL/Time Warner, Microsoft, Viacom, UPC etcetera and start to get scared, because these big corporations do not only control the standards, they make them.
They have no or little interest in consumer benefits. Money is their primary (only?) motivation. Communism was a good idea in theory, but failed in practice. And perhaps capitalism is being driven too far and this might eventually make an end to it as we know it as well.
Think about it: the UCITA, the whole Napster/Gnutella affair, deCSS, human beings even _considering_ a hyperlink could be copyright infringement..
My apologies for this possible piece of flamebait. But the big buck is already starting to undermine certain principles of the democracy and freedom we enjoy and I am worried it will only get worse and worse.
End of rant..
Enforced, that is. Not real ones, anyway. The world of computing is littered with dead or undead standards "enforced" by government fiat, corporate white papers, or other forms of "enforcement." The fact is that true standards, like TCP/IP, exist as standards because they work, and it is in the interests of all concerned to comply with them.
If I build a packet of random data and toss it out onto my network, the TCP/IP police won't come and get me for failing to comply with the standards. Similarly, if I connect to an FTP server and start trying to talk to it in english, no jack-booted IETF thugs will show up at my door. On the other hand, my packet will get tossed out as soon as it reaches a router, and the FTP server just isn't going to send me the file I keep asking it for. I comply with the TCP/IP and FTP standards because it is in my interests to do so. Otherwise, things don't work.
Note that this requires a key distinction be made between a standard and a specification. A specification is what passes through the comittee and gets written up in a white paper. A standard is what people actually use. People violate specifications all the time, and the world continues to turn, so long as there is a standard. Most internet standards were standard long before they were specified by the IETF, for example the mapping from port names to services. On the other hand, there is HTML. There is no HTML standard. There are plenty of specifications, of course, but no standard, which is why being a web designer is such a nightmarish job.
From your question, however, I get the impression that a specification, not a standard, is what you are creating. Honestly, the only thing you can do is make sure your specification is so good that it is adopted as a standard, a process which can only take place voluntarily. Quality is the only real determinant of whether a specification becomes a standard, and no amount of enforcement can save a specification that people don't want to follow.
"Never let your sense of morals prevent you from doing what is right" -Salvor Hardin
Standards generally boil down to two kinds. The first kind is usually a legal minimum of quality imposed on manufacturers for civic purposes. Thus we have standards for toys, car safety and food. The second kind of standard is when everyone agrees to work to the same specs. It is this kind of standard that dominates the software industry.
The IETF is perhaps the most influential "bazaar" group of them all. Before Linux, before GNU, there was a bunch of guys who believed in "rough consensus and running code". The IETF makes the standards of how the Internet runs. Basically if it's IETF-approved, it's in.
The irony is that the IETF is as non-enforcing as groups come. It is, in fact, quite anarchic in nature. Anyone may join. Anyone may attend any meetings and generally propose anything they like. If it's good, it will garner consensus. If you have code to show, you're way ahead on points.
The enforcement of IETF standards is not coercive, as you are looking for: it is social. Individual developers, tool companies, software companies, publishers, and software buyers - all of these derive advantage from standards-based software. For any company to break these standards there must be substantial reason - and even then, they will cop a lot of flack.
So if you are looking for a "method" to derive, derive this: Discussion, Design and Disclosure makes a Standard. Discuss the standard widely, give it a solid grounding of design, and disclose your code and detailed designs to everyone.
Just some quick observations to catch the 25-post moderator's theshold :)
be well;
JC.
--
"Don't declare a revolution unless you are prepared to be guillotined." - Anon.
Classical Liberalism: All your base are belong to you.
- When a standard says MUST, then the implementation might
- When a standard says SHOULD, then the implementation will not
- When a standard RECCOMENDS, then the implementer will laugh scornfully
- When there are two possible interpertations of a standard there will be 4 possible implementations, correct for readings 1 and 2, a mad attempt to fit both contraditory meanings and the the old reliable invention of something completely incompatible with both.
The situation is farcical for many standards, they work together but everyones code and documentation is riddled with lines like "do this technically incorrect or unnecessary thing for this broken but important application", A perfect example is the rfc822 mail standard. Read the qmail information on the reality of what shows up in headersYour average programmer is a completely incompetent ego riden madman. A standard is an affront to his cherised belief that he is the best programmer on the planet. How dare someone restrict his options to make a complete mess. So they trample all over the standards, and each program that is broken but not broken enough to fail immediately and catastrophically adds to the standards pollution. Limiting the solution space in which it is possible to create an app that interoperates correctly with everything else.
A proper standard shouldn't be released unless it has a few things which most lack,
- A rationale, Why are decisions made, egoboy is more likely to follow a standard if its reasoning is made clear and the thinking behind various decisions are explicit.
- A big set of tests which the app must pass before it can conform to the standard. Not that that mattered much in the case of rfc822 btw most mail programs wouldn't know what to do with the complex commenting and line folding behaviour.
- A section threatening intense physical suffering for anyone caught trying to subvert it. "By reading this document you hereby agree to a punishment no less than being nailed to a tree for creating any software which almost but not quite matches the standard herein"
- And a sample implementation released.
Thus the md5 and sha1 rfcs are solid as they have tests and an implementation hanging off them. Telnet and mail were doomed for the beginning to always spawn numerous implementations almost correctly work together but always requiring vast amount of under the hood trickery and special case handling.C.
I sometimes write stuff
Sometimes the language of the spec is so general that it can be interpreted many different ways, or is so vague that there can be incompatible implementations of the same portion of the spec. Often, this is the result of "group writing" and a series of compromises. When working through a spec, it's in everyones best interest to avoid putting any language of this kind into the spec.
___
Then later when I started learning the Internet protocols, I wanted to see the ``recommendations''. But all I could find was ``Requests for Comments''. Once again, I asked to see the _real_ recommendations. And once again, it turned out that there were none.
It seems to me that ``standards'' are just not politically/diplomatically accepted. It's all done by subtle diplomacy. ``Raise a flag and see if anyone salutes it'', as you say in America, or ``fly a kite and see anyone shoots it down'', as we say in Australia.
Nowadays, we have IEEE 754, which says a 32 bit float has 23 bits (plus an implied 1 bit) in the mantissa, 8 in the exponent, and of course the sign bit. Intel, Motorola, Sun, et all followed the standard, which presumably had input from all the major players. The major IC manufacturers caused the compilers and other tools to follow, which generally caused most software to follow the standard, and today the idea of using floats other than IEEE 754 is thought only by developers of very resource limited embedded devices, who typically convert their space-saving floats to the standard when they communicate.
With the recent M$ kerberos slashdot story/hype, I suspect a lot of slashdot folk will complain about monopolies breaking standards, and probably trademarks, patents, and all the other usual slashdot stuff.... cynical and jaded as many slashdotters may be, there are lots of computer related standards that are well followed.
Why follow standards? Nobody enforces standards, except for customers. Customers generally like it when products interoperate, and if a group of competing products interoperate because they all follow a standard, a new product that doesn't generally won't sell.
Now there are lots of de-facto standards, where a single company had enough market share that they could just come up with something and everyone else followed. ISA bus (IBM), PDF (Adobe), and .DOC/.XLS format (Microsoft) come to mind, though there are many others.
Whether a format or de-facto standard, the reason to follow the standard is usually because a product which inter-operates with others has a market advantage over other products that don't. Look at Microsoft Exchange Server and Lotus Domino, which have their own proprietary protocols, but also have to support the standards to be accepted by customers.
PJRC: Electronic Projects, 8051 Microcontroller Tools