How Are Standards Monitored And Enforced?
Pubman asks: "I suspect virtually everyone appreciates the value of standards, especially the open variety. Where would we be without TCP/IP? At my company, we have been going through a continuous process of defining, implementing and enforcing standards. An associate has posed the following question to me. 'How are standards monitored for compliance?' I would appreciate everyone's thoughts on how standards are monitored and enforced on the Internet, by IETF, ISO, NIST, etc. so we can design a process based upon the published and unpublished experience of others.
Thanks ... "
Not.
Or at least not by an independent group or even a collaboration of various parties or an organization standing up for consumer rights.
Office file formats have become the de facto standard, not any of the well documented open text/data formatting standards. The HTML specifications are not the standard, the way MSIE renders HTML is. MP4 was embraced and extended/altered by Microsoft even before it was a standard.
There are probably even better examples, and non-Microsoft ones as well. They deserve to be bullied but they are a symptom, not the disease. The real disease is the huge companies:
Five years ago there was a lot of rumble about mega-fusions resulting in mega-corporations. I shrugged. Now, I see AOL/Time Warner, Microsoft, Viacom, UPC etcetera and start to get scared, because these big corporations do not only control the standards, they make them.
They have no or little interest in consumer benefits. Money is their primary (only?) motivation. Communism was a good idea in theory, but failed in practice. And perhaps capitalism is being driven too far and this might eventually make an end to it as we know it as well.
Think about it: the UCITA, the whole Napster/Gnutella affair, deCSS, human beings even _considering_ a hyperlink could be copyright infringement..
My apologies for this possible piece of flamebait. But the big buck is already starting to undermine certain principles of the democracy and freedom we enjoy and I am worried it will only get worse and worse.
End of rant..
Enforced, that is. Not real ones, anyway. The world of computing is littered with dead or undead standards "enforced" by government fiat, corporate white papers, or other forms of "enforcement." The fact is that true standards, like TCP/IP, exist as standards because they work, and it is in the interests of all concerned to comply with them.
If I build a packet of random data and toss it out onto my network, the TCP/IP police won't come and get me for failing to comply with the standards. Similarly, if I connect to an FTP server and start trying to talk to it in English, no jack-booted IETF thugs will show up at my door. On the other hand, my packet will get tossed out as soon as it reaches a router, and the FTP server just isn't going to send me the file I keep asking it for. I comply with the TCP/IP and FTP standards because it is in my interests to do so. Otherwise, things don't work.
Note that this requires a key distinction be made between a standard and a specification. A specification is what passes through the committee and gets written up in a white paper. A standard is what people actually use. People violate specifications all the time, and the world continues to turn, so long as there is a standard. Most internet standards were standard long before they were specified by the IETF, for example the mapping from port names to services. On the other hand, there is HTML. There is no HTML standard. There are plenty of specifications, of course, but no standard, which is why being a web designer is such a nightmarish job.
From your question, however, I get the impression that a specification, not a standard, is what you are creating. Honestly, the only thing you can do is make sure your specification is so good that it is adopted as a standard, a process which can only take place voluntarily. Quality is the only real determinant of whether a specification becomes a standard, and no amount of enforcement can save a specification that people don't want to follow.
"Never let your sense of morals prevent you from doing what is right" -Salvor Hardin
- When a standard says MUST, then the implementation might
- When a standard says SHOULD, then the implementation will not
- When a standard RECOMMENDS, then the implementer will laugh scornfully
- When there are two possible interpretations of a standard there will be 4 possible implementations, correct for readings 1 and 2, a mad attempt to fit both contradictory meanings and the old reliable invention of something completely incompatible with both.
The situation is farcical for many standards, they work together but everyone's code and documentation is riddled with lines like "do this technically incorrect or unnecessary thing for this broken but important application". A perfect example is the rfc822 mail standard. Read the qmail information on the reality of what shows up in headers.
Your average programmer is a completely incompetent ego-ridden madman. A standard is an affront to his cherished belief that he is the best programmer on the planet. How dare someone restrict his options to make a complete mess. So they trample all over the standards, and each program that is broken but not broken enough to fail immediately and catastrophically adds to the standards pollution. Limiting the solution space in which it is possible to create an app that interoperates correctly with everything else.
A proper standard shouldn't be released unless it has a few things which most lack,
- A rationale. Why are decisions made? egoboy is more likely to follow a standard if its reasoning is made clear and the thinking behind various decisions is explicit.
- A big set of tests which the app must pass before it can conform to the standard. Not that that mattered much in the case of rfc822 btw most mail programs wouldn't know what to do with the complex commenting and line folding behaviour.
- A section threatening intense physical suffering for anyone caught trying to subvert it. "By reading this document you hereby agree to a punishment no less than being nailed to a tree for creating any software which almost but not quite matches the standard herein"
- And a sample implementation released.
Thus the md5 and sha1 rfcs are solid as they have tests and an implementation hanging off them. Telnet and mail were doomed from the beginning to always spawn numerous implementations that almost correctly work together but always require vast amounts of under the hood trickery and special case handling.
C.
I sometimes write stuff
Sometimes the language of the spec is so general that it can be interpreted many different ways, or is so vague that there can be incompatible implementations of the same portion of the spec. Often, this is the result of "group writing" and a series of compromises. When working through a spec, it's in everyone's best interest to avoid putting any language of this kind into the spec.
___
Then later when I started learning the Internet protocols, I wanted to see the ``recommendations''. But all I could find was ``Requests for Comments''. Once again, I asked to see the _real_ recommendations. And once again, it turned out that there were none.
It seems to me that ``standards'' are just not politically/diplomatically accepted. It's all done by subtle diplomacy. ``Raise a flag and see if anyone salutes it'', as you say in America, or ``fly a kite and see if anyone shoots it down'', as we say in Australia.