Standards play a huge role in enterprise applications—as well as the decision companies make to use a product or not—and that role will only get bigger as Web services gain momentum. However, as vendor-led consortia increasingly define the standards that shape enterprise products, its getting tougher to separate standards from vendor politics, posturing and power.
But the worst thing enterprise IT managers could do is to simply sit by and watch it all happen. Indeed, there are a couple of reasons why the time is right to band together with suppliers, customers—even competitors—and dive into the standards process.
First, XML has reached the “recommendation” stage, the highest level of approval from the World Wide Web Consortium. This means that XML—arguably one of the most important standards to come along in the past five years—has stabilized to the point that industry-specific schemas can be developed without fear that drastic changes will convulse the foundation of the W3Cs work.
Second, IT managers still have a chance to make a significant impact on the groups that are trying to wrestle Web services to the ground. During discussions with industry leaders such as Tim Bray, co-inventor of XML and founder and chief technology officer at Antarctica Systems Inc., eWEEK Labs was pleased to find a desire for feedback from potential customers. (For more on what IT managers should consider before getting involved, click here.)
Inviting as some groups may be, however, the standards world is small and populated with its fair share of technocrats and sharp operators. But participation can be extremely beneficial for IT managers who judiciously allocate staff members to participate in the groups. Engineers from the biggest IT vendors routinely participate in standards groups, and face-to-face networking with these people can yield blunt and sometimes priceless answers and advice on strategic IT projects.
Corporations that assign an IT staff member to work with a standards body will almost certainly have a solid understanding of impending standards. “People on the inside knew well before anyone else that SOAP [Simple Object Access Protocol] and WSDL [Web Services Description Language] were significant and that UDDI [Universal Description, Discovery and Integration] was falling behind,” said Bray, in Vancouver, British Columbia.
However, the barriers to participation are significant with most standards groups. These include a commitment of several hours per week just to read and respond to e-mail, not to mention attending as many as six face-to-face meetings a year. Finally, most standards groups support themselves on membership dues that range from nothing at the IETF (Internet Engineering Task Force) to $50,000 or more per year.
eWEEK Labs defines a good standard as, pretty simply, one that is implemented in a large number of products, can be tested for compliance and creates the greatest amount of interoperability with the lowest incremental cost.
But being “good” isnt enough—standards must be championed. IT managers should make it clear to vendors that they will use only that portion of a product that conforms to a standard; one that has been enhanced with special extensions will no longer be considered standard-compliant but a proprietary implementation.
To illustrate the point, consider this: SQL is one of the most successful standards in the IT world. Technicians with a proven track record working on one SQL platform are very likely able to work on another with a minimal amount of additional training. Further, and even more importantly, technical staff who can maintain projects produced by these individuals are readily available.
Understanding how standards bodies work is one of the keys to determining which standards to follow. (Learn more about how standards bodies work.) We chose for this report the IEEE, IETF, W3C and OASIS (Organization for the Advancement of Structured Information Standards) organizations because they cover the gamut—from open membership to exclusive vendor groups, from long-standing names familiar to everyone in IT to relatively new formations. (Find out more about these organizations.)
The IEEEs working group areas for IT are charged with maintaining the standards upon which wired and wireless networks are built. IT managers can gain good experience working with standards groups by starting with the IEEE because the specifications are generally well-understood by most IT staff, the process is formal and well-documented, and the costs are quite low.
The IEEE 802 networking standard family is a foundation that has barely moved in the past 10 years. The wireless war between 802.11g and 802.11a has been a minor tempest in the otherwise-staid organization, but the IEEEs standards process is well-defined and driven by five “imperative principles”: due process, openness, consensus, balance and the right of appeal, according to the groups process guidelines.
The group is also among the oldest in our survey, and it touches medical and communications technologies, among many other areas.
The IETF and its famous requests for Comment, or RFCs (not the least of which define the TCP/IP stack), is a stew of people, open to anyone with time to join an e-mail listserv.
This isnt to say that everyone gets to decide which Internet drafts (works in progress) become RFCs. The power behind the throne is the Internet Engineering Steering Group, a very small group of directors from each area of work.
The IETF has a well-established process that uses working groups and charters inside each of its seven work areas to define standards.
While IETF discussions necessarily focus on future standards, IT managers will get all sorts of useful food for thought about timely issues. For example, a recent exchange in the Benchmarking Methodology working group included very useful discussion about benchmarking wireless networks. The consensus as the discussion neared conclusion was that a new standard for wireless was not needed.
The IETFs wide-ranging discussions and open review usually mean that standards move at a deliberate pace through the process. Most working group charters are viewed as successful when the group ends up with a successful RFC.
The sometimes-plodding nature of the IETFs work process, combined with the desire to use unencumbered technology, may explain the recent proliferation of vendor consortia. However, the fundamental nature of the IETFs work along with its accessible process makes it an ideal place for IT to influence the standards process.
The W3C is hosted by three educational and nonprofit research groups: the Massachusetts Institute of Technology, in Cambridge, Mass.; the INRIA (Institut National de Recherche en Imformatique et en Automatique), a network of nonprofit and governmental groups throughout Europe; and Keio University Shonan Fujisawa Campus, in Japan.
During the browser wars of the early 1990s, the W3C attempted to be the neutral group that tried to maintain peace and make progress. To that end, the W3C developed a browser/authoring tool called Amaya that was promptly ignored as a compliance testing resource. If the W3C had had a certification program at the time, the browser wars might have been averted.
Despite the W3Cs inability to put an end to the browser wars, the consortiums work on XML and Web accessibility projects—along with its success at combining people from the areas of IT, development and academia—has kept it at the center of standards development.
One example of the W3Cs work illustrates many of its best characteristics: The XML protocol SOAP 1.1 originated in the IETF. SOAP 1.1 was presented as a submission request to the W3C in early 2000, after the group performed a number of outreach activities.
W3C paid staff then evaluated SOAP and developed a draft charter that was submitted to the entire W3C membership. The charter defined the scope of the project, along with key requirements—for example, that the envelope had to be in XML, the protocol had to be in XML and the end result needed to use schemas. The charter also supplied the rationale as to why this work should be done at the W3C.
The membership feedback indicated overwhelming acceptance of the charter but with significant additions. Members wanted the work to be closely coordinated with other standards groups, including the IETF and the electronic business XML work that was jointly sponsored by OASIS and the United Nations.
The XML work generated the largest working group in the W3C, with comments from W3C members and nonmembers and with more than 400 issues raised and resolved in public discussions.
IT managers can monitor the work of the W3C to get a glimpse of cutting-edge efforts to increase the usefulness of the Web. However, the $57,500 membership dues for organizations with moderate revenues will likely keep most IT groups out.
OASIS has a moderate fee structure and a technical committee structure that is similar in many respects to the other bodies in this report. The group is the go-to organization for XML developments in vertical industries, providing specifications for describing and structuring data in XML format.
The mailing lists for each of OASIS technical committees are separated into public and members-only categories, so it isnt always easy for those who cant pony up the membership fees to get the latest scoop on proceedings.
Of the many areas in which OASIS works, IT managers should pay especially close attention to its work on SAML (Security Assertion Markup Language), which became an OASIS standard last November. Like a standard proposed by the Web Services Interoperability Organization—a vendor-dominated body—OASIS SAML is an attempt to remove some of the biggest hurdles to Web services implementation: a lack of security, interoperability and authorization/ authentication protocols.
Despite OASIS restrictive mail lists, it is still possible to glean quite a bit of information from reports posted by the technical committees. And the industry-specific nature of the technical committees may make it easier to justify a budget line item for OASIS membership.
Senior Analyst Cameron Sturdevant is at [email protected]