Standardizing on a standards body

Greetings to the Open Web Foundation. OWF is a new organization for promoting community-driven specifications:

“The Open Web Foundation is an attempt to create a home for community-driven specifications. Following the open source model similar to the Apache Software Foundation, the foundation is aimed at building a lightweight framework to help communities deal with the legal requirements necessary to create successful and widely adopted specification.”

The next statement goes on to state that one of the objectives is to avoid creating a separate foundation for each new technology. Of course the natural reaction to that will be: “In that case, why are you creating yet another self-appointed standard organization? What is wrong with IETF or W3C?” To recap:

  • W3C is the World Wide Web Consortium. It maintains core standards related to the web: HTML, CSS, XML, XSL, XPath, SOAP– for the most part, anything involving angle brackets falls under the jurisdiction of the W3C. Most of these are commonly recognized, widely supported data formats or data manipulation frameworks. (By contrast W3C forays into protocol design such as PICS, P3P and SOAP have met with mixed results.) The consortium charters working groups and issues official, versioned specifications.
  • IETF is the Internet Engineering Task Force. IETF does not officially endorse standards. Its documents go by the more modest name RFC or “request for comments,” suggesting ideas in flux, perennially under editorial review, always open to improvement and changes. Yet many of the core protocols and specifications underlying the Internet can be attributed to an RFC. Email addresses? That would be RFC822. The HTTP protocol shuttling web pages around? RFC 2616. The official TLS protocol that gives us the peace-of-mind and security of the lock-icon on those pages? RFC 2246.

Ben Laurie seeks to preempt that question, also raised in the discussion group. Jury is out on the characterization of W3C as pay-to-play-cartel but the article does highlight a basic problem with IETF: being too inclusive. A former colleague at MSFT described it the requirements for participation in IETF as “a keyboard and Internet connection.” (We can also add: “… and an unshakeable conviction in the infallibility of your ideas.”) This model probably worked well when the workings of arcane protocols was of interest to the academic community only, and everyone that cared to participate started out on the same page, sharing common interests. Today the Internet is too large, the range of stake-holders too diverse and too much commercial success hinges on the outcome of standardization process to continue with that naive assumption of unified purpose.

That same colleague provided this insightful comment on the IETF process: It is a great forum to capture the dominant paradigm on paper and enshrine it as the Internet standard when consensus exists around one. It is not a very good forum for creating consensus in the first place, when everyone shows up at the table with different ideas and irreconcilable objectives. These words were uttered in the aftermath of the Sender ID meltdown where the working group rejected an anti-spam proposal from Microsoft.

OWF raises anew the question of who gets the privilege of a seat at the table once the IETF model (anyone is welcome or “no fool left behind”) is declared dysfunctional, because there is too much randomization. Intuitively those writing software to implement the standard emerge as obvious candidates. But are some implementors more equal than others? Surely not every crackpot with a copy of networking for dummies is entitled to derail the standard process. What about individuals who are recognized subject matter experts but not currently developing software in this space? Moving away from the core, how about companies whose products will be indireclty impacted? Do ISPs get a say in the development of a P2P filesharing protocol, considering it is their infrastructure about to get hammered? Does a firewall vendor get to express an opinion on anti-spam technology because they want to inspect traffic at the edge? Do other participants have the right to declare that they are not interested in supporting that scenario, shutting them out of a particular market segment? Even more controversially, what about companies whose business model is at risk from the existence of the technology? (Advertising networks, criticially dependent on third-party cookies for their existence, were participants in the working group tasked with developing the privacy standard P3P that Internet Exporer uses to manage cookies.)

Assuming that OWF gains any traction, at least one benefit will be forcing some soul searching inside IETF and W3C.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s