From spring+@pitt.edu Wed Dec 21 07:37:14 1994 Received: from pitt.edu by icarus.lis.pitt.edu (4.1/1.34) id AA13107; Wed, 21 Dec 94 07:37:14 EST Received: by pitt.edu id AA17637 (5.65c/IDA-1.4.4.5 for spring@lis.pitt.edu); Wed, 21 Dec 1994 07:37:07 -0500 Received: via switchmail; Wed, 21 Dec 1994 07:37:04 -0500 (EST) Received: from teilhard.lis.pitt.edu via qmail ID ; Wed, 21 Dec 1994 07:34:38 -0500 (EST) Received: from teilhard.lis.pitt.edu via qmail ID ; Wed, 21 Dec 1994 07:34:27 -0500 (EST) Received: from Messages.8.5.N.CUILIB.3.45.SNAP.NOT.LINKED.teilhard.lis.pitt.edu.pmax.ul4 via MS.5.6.teilhard.lis.pitt.edu.pmax_ul4; Wed, 21 Dec 1994 07:34:26 -0500 (EST) Resent-Message-Id: Resent-Date: Wed, 21 Dec 1994 07:34:26 -0500 (EST) Resent-From: "Michael B. Spring" Resent-To: spring@lis.pitt.edu Return-Path: Organization: National Institute of Standards and Technology From: "Oksala, Stephen P [BB]" To: "Rutkowski, Tony [Internet]" , "IISP Reflector [Internet]" Subject: IISP and Standards Date: Mon, 19 Dec 94 16:52:00 PST Message-Id: <2EF62B23@it.bb.unisys.com> Encoding: 240 TEXT X-Mailer: Microsoft Mail V3.0 X-IMAPbase: 1249813034 1 Status: RO X-Status: X-Keywords: X-UID: 1 Tony Rutkowski Vint Cerf Thanks for your very thoughtful responses to my comments. You both made some excellent points about processes and "legitimacy" which have merit and deserve attention. I+d like to respond in two parts - the first relative to the immediate issues of the IISP, and the second (for those interested) on the more general subject of standards and standards development. Since we started here, I will take the opportunity one last time to use the IISP reflector for both parts. PART 1 - IISP Probably the most important thing about the IISP is that the philosophy and legitimacy issues are not of much importance. IISP was conceived as a way to address the concern of the policy makers that missing standards would be a block to the implementation of the National Information Infrastructure. Because of that, the important things are (1) find the gaps where and if they exist; and (2) make sure somebody deals with the gaps. The issue of overlap has also come up, since interoperability problems can also result from multiple standards efforts. If this becomes a problem, then I suspect each case will be addressed (or not addressed) on an individual basis. IISP is a forum for standards organizations and not a standards organization itself. Because the "II" covers lots of different functionality, all of the various standardizing functions need to be involved if the private sector is going to provide the answers. This means networking groups such as IETF and T1, computer groups such as X3 and IEEE, the cable industry, etc. Without some level of cooperation between the groups it will be perceived - rightly or wrongly - that the private sector cannot get its act together. This is likely to result in government selection of the technologies, which as far as I can tell nobody (including government) really wants. This point is worth stressing because I think history may be getting in the way of cooperation. Vint+s note states "it seems to me that productive liaison can and should be established among the Internet Standards groups and IISP efforts." I think this is not the best approach, because it treats the IISP as another group, similar in nature if not specifics to the Internet Society. In my view, the ISOC (perhaps I really mean IETF) is an organization equivalent to X3, T1, IEEE, EIA, and other standards developing organizations - and the IISP is a place for them to meet and conduct liaison. I would therefore like to see the Internet folks as active participants at IISP, since they are every bit as much a standards organization in terms of "product" as anyone. (There may be confusion over the fact that it started at ANSI. It could have started anywhere; it just happens that key organizations in the computer and telecommunications industries started there because of ANSI+s historic role in providing a coordinating function for US standardization. If this is a problem for some reason, then we ought to discuss it.) I hope that the Internet Society can see its way clear to participate actively in the IISP so that we will really have a good private sector input into the policy and public sector processes, and so the technical community can really put forward good, interoperable and complementary solutions at all levels. PART 2 - STANDARDIZATION Both of you have pointed out that the hierarchy is essentially arbitrary; Dan Bart, moreover, has made the point that it is not necessary for all standards to be produced in the same way. However I do not agree that the "classic" method of standards production has become inappropriate, even in the computer and telecommunications field. What has happened, I believe, is that one standards developing process (Internet) has thoroughly beaten another (OSI); and that has been taken as meaning that everything about the loser is bad. Not so. As an observer of the process part of many organizations, there are far more similarities than differences between the Internet Society and most national or international standards development efforts. Most groups allow a wide range of participants from the private and public sector, and allow them to speak as individual experts at the technical development level. This first phase is followed by a second phase where a much smaller group provides an approval process, making sure that consensus has really been met and the technical output is consistent with objectives. The way in which this smaller group is selected varies widely across organizations; sometimes its members are elected, sometimes appointed, and in others anyone willing to pay the fee can join. But almost all the groups have this two-level process. A second common element is the mixture of electronic and physical meetings to work both the technical and non-technical issues. This is an area where the Internet Society has really led the way; it is only now that other groups are beginning to use the same techniques. A third common element is the need for funding (at some level) for the organization. Here we see some differences - dues, meeting fees, government grants, and sale of documents are all used as a way of meeting the financial needs of the organization. ECMA, for example, gives its standards away because the members are willing to pay for that expense. ASTM, on the other hand, relies on its standards revenue to pay 80% of the bill for its programs. Different approaches, but not completely alien. It is also worth noting that some organizations have been more successful because they have adopted certain policies. These tend to either provide strong focus (just one area of interest) or ensure practicality and near term success (insisting on running code). These are practices that other groups can emulate if their circumstances warrant. So if the organizations are all (at a strategic level) similar, where is the conflict? It is not, as Tony suggests, that ANSI and ISO represent "the traditional monopoly (or oligopoly if you prefer) schemes which foster legions of working groups toiling on top down standards projects in effectively "unopen" environments over decades" - that model has disappeared from the IT standards world at all levels and in the US has not existed (particularly the top down part) for as long as I+ve been involved. In fact one of the arguments we in the US have consistently had with our European counterparts is over how much top down management is required; and the US position has been consistently that people vote with their feet in a bottom up way. I think there are some real differences, however. I would characterize them as two different standardization models, which I will refer to as (A) the Competitive Market, and (B) the Coordinated Market, the latter being one way to characterize the ANSI/ISO process. In the Competitive Market model, standards organizations (and here I include consortia, trade associations, or anyone else who develops standards) are encouraged to compete to produce the best product; the market will determine which is successful. In many ways this resembles a normal competitive market, except that the competitors are groups of companies rather than individual ones. In fact it can approach the old computer market, with essentially proprietary (to the member set or licensees) technologies competing for incorporation into end products. (One unique facet of this is the fact that a given company frequently winds up competing with itself in this regard. Because the winners are not known in advance, many companies fund participants in all the groups.) The Coordinated Market model exists because it provides value, and that value will continue to exist. It is based on a premise which I heard expressed some years ago, that "standardization is the agreement to eliminate low value product differentiation." In this model, multiple (competitive) standards are indicative of a failure in the process if they really have no differentiation. The specific value-added features of this model, as represented by ANSI in the US, are the following. 1. The existence of an independent accreditation scheme ensures that the group is operating according to consensus and due process. This is valuable if you want to make sure that the results will be widely accepted, and that you will have a fair shake in all of the deliberations. It is also valuable if you have concerns about anti-trust issues. Few people I know want this to be a government function, so an organization like ANSI is a necessity. 1a. From the consumer viewpoint, a level of comfort that the consensus and due process means that the standard will be widely used and (because of the broad participation) not hostile to consumer interests. 2. A way to coordinate activities to minimize overlap and duplication, thus reducing the cost of participation. One of the most common points of frustration I hear from the user community is "too many standards" - and the Coordinated Market mechanisms tend to help in this regard, although they don+t eliminate the problem because of the voluntary nature of the system. 3. A method whereby the myriad of standardization groups can deal with issues of common interest such as government relationships to the private sector process. 4. A conduit for US interests to be fairly represented at international fora where nations are the only recognized entities. (See below for further discussion.) So long as these are real benefits, the ANSI system will continue to flourish. The discussion above is largely insensitive to the national/international issue. The next question is - given that there are interests all over the world, including companies, associations, individuals, and government - what is the best way to develop standards with real international consensus? The first question is whether an international "level", distinct from the groups that do the work, is needed. Again, different methods work in different circumstances; but there is a place for the kind of system provided by ISO and IEC. As to representation, there are several reasons why the concept of a "national body" makes sense. 1. Many small and medium sized organizations cannot afford to participate in a worldwide process because of travel expense, even when much of the work is done via electronic methods. This is particularly true of non-profit organizations such as universities. User organizations also tend to try and minimize expense since their financial interest in specific outcomes is much lower. I expect this problem to diminish over time, but history shows that some portion of the negotiations need the face to face contact for success. The concept of a "national body" provides a mechanism for these organizations to participate in the decision making process in a more geographically local, if less direct, way. 2. Governments are national in interests, so their participation must be in that context. National bodies provide them a "natural" mechanism. 3. Some nominally technical issues are in fact national issues, because they impact national public sector or private sector interests. Whether we like it or not, these can only be solved in a +country+ context because the issues have to do with competitive advantage, national pride, national security, or some other non-technical area. The forces of globalization are strong, but I see the influences of nationalism as significant at least for the rest of my time in this business. The existence of a national body process does not mean, however, that (as you point out) there cannot be other kinds of more direct representation. At the technical level, with individuals, I see few problems. At the approval level, however, there are issues which would need to be resolved - for example, does the assistant professor from the University of California get the same voting "strength" as the government of Japan? If Unisys has direct representation, can they also be part of a US, UK, and Dutch delegations? These are issues which are not relevant in a model which assumes individual engineers collectively trying to find the best technical solution; but the world is a collection of interests, and they are not all aimed at the same targets. (I expect Unisys participants in any group to have Unisys interests in mind, and I assume that others do the same.) In summary, I think it is worth exploring wider representation at the international level, but I think it still needs to exist - and I am not at all disturbed by the notion of an oligopoly. In fact I would say that the fewer top level organizations the better, because that+s how we can reduce duplication and expense. Maybe one of the differences in my two "models" is that I few a standards organization as a place where interests meet to come to agreement, not as a business in itself. Finally, a few words on the European scene. Vint observed that recent events (notably a November workshop run by the Commission) seems to be moving in good directions. I think that is mostly not true, at least from your perspective. As noted earlier, one difference between the US and European representatives in ISO/IEC processes has been the degree of "management" considered appropriate. One of the main issues for some time now has been a desire on the part of most European delegations for an active management process, with top down prioritization of projects. The US has consistently opposed this notion that anyone can set priorities at the top. The recent conference affirmed this European view, calling for a panel of "industrialists" (not standardizers) who will determine the critical interfaces, set the priorities, and approve the funding to be provided by the Commission. This is, in fact, headed in the opposite direction from the one that you would endorse. The notion that national bodies are becoming less relevant is also a consolidation; what the Commission appears to desire is a single, united European voice at the international level. The idea that +economic operators+ might hold direct memberships at European levels may be attractive (per the discussion above), but the ETSI example is not calculated to bring much comfort from American perspectives because the vote is weighted such that the administrations and network operators control the votes even though they are a minority of the participants. (As usual, it is important to recognize the distinction between the technical development and approval processes.) All in all, I think the current US system is much closer to what you want than the European system - and in general the Europeans propose to move further away.