Special Report: Standards Rule

It's easy to point out the flaws in IT standards and the bodies that produce them. They can be glacial in execution, weakened by compromise, co-opted (or ignored) by vendors with the biggest market share--or just plain boring.

But consider the alternatives: technological anarchy where no two products integrate, or totalitarian control by entrenched monopolies. To paraphrase Winston Churchill, standards are the worst form of government, except all those other forms that have been tried.

Fact is, without standards, the Internet wouldn't exist, interbusiness communication would be near impossible and you'd be under the thumb of equipment vendors (anyone remember IBM SNA and Digital DECnet?). The effect of standards on your network and application infrastructures can't be overstated. That's why we've prepared this primer on key standards in major technology areas: enterprise applications, security, servers and storage, management, wireless and network infrastructure.

Our technology experts discuss the standards that will have the most impact on your business. Case in point: The Web services alphabet soup of WSDL, SOAP and UDDI. These standards enable unprecedented interoperability among critical business applications. Just as important, they have compelled such major ISVs as BEA, IBM and Oracle to move away from the strategy of vendor lock-in, which means enterprises can deploy best-of-breed applications almost as easily as single-vendor suites.

Meanwhile, data security standards from the credit card industry provide an information security framework that can be applied to any organization handling sensitive data.

We also give you a heads-up on new developments that will affect your operations. Best-practice standards such as ITIL can boost operational efficiency and are transforming how IT delivers business value to the enterprise. Wireless technology represents a sea change in infrastructure deployment, and the 802.11n standard stays the course with a promise to speed raw throughput to 100 Mb per second or more. And SIP and SIMPLE are revolutionizing telephony and messaging with the promise of truly integrated communications platforms.

Our techno-policy wonks provide an essential refresher course on key standards such as 802.1X and iSCSI. Though little has changed with these infrastructure stalwarts, they're achieving newfound cachet: 802.1X underpins successful deployments of network admission control systems, and iSCSI is mounting a challenge to Fibre Channel SANs thanks to 10 Gigabit Ethernet.

The Power Behind The Acronyms

We contrast august standards bodies such as the IEEE and the IETF with upstarts like OASIS and the W3C. These relative new kids on the block are wielding significant influence due to the rise of Web services and SOA. But don't count out the old dogs yet; their focus on infrastructure may seem quaint to the application-centric crowd, but they still have compelling works in progress on the management, wireless and security fronts. And if you aren't yet a member or participant in any of these organizations, you may rethink that stance once you've digested our coverage.

We also illuminate the inner workings of standards bodies. All too often, vendors attempt (and sometimes succeed) to manipulate these organizations for their own ends. Because standards exercise considerable influence on the development of technology and the formation of new markets, they are a locus for all sorts of intrigue, including infighting, backstabbing, bullying and coercion. And you thought standards were boring!

Andrew Conry-Murray is NWC's business editor. Write to him at [email protected]. Beware The Hijacked Standard

Vendors have a complex relationship with IT standards bodies. Participation can be costly and time-consuming, and standards force vendors to synchronize their software or firmware with ongoing developments.

One solution: hijack the standards. There are two well-known techniques. The first is the de facto standard, in which a powerful vendor uses its market influence to write a specification's ground rules and exercise tight control over participation.

De facto standards, such as Cisco's NAC (Network Admission Control) and Sun's Java, are easier on the lead vendors because decisions are made faster, and participants rubber stamp whatever specs are handed to them. But they inhibit competition and leave one company--and its business interests--in control.

Open-source software standards are essentially de facto standards at the outset. When an open-source application proves to be a hit, a de facto standard exists. There are open-source software standards bodies, but they are concentrating on specific issues--and no one is (or should be) attempting to cover all de facto standards promulgated by the open-source community. The good news is, once the application is unleashed, the open-source community has significant input and can exert its influence to make changes.A variation of the de facto standard is to release "prestandard" products that anticipate what a final standard will look like. Vendors do this in the hope that first-to-market products will garner enough market share to shape the final specification. Early wireless standards, for example, suffered this, resulting in equipment from disparate vendors that failed to interoperate.

The second technique for hijacking a standard is to "embrace and extend" it. The goal is to lock enterprises into a single vendor's solution by adding a useful--but proprietary--component to an otherwise open standard.

Embrace and extend is always self-serving, but in some cases it's wrong to assign a sinister motive to a vendor. When Microsoft first published Microsoft Foundation Classes, it was an extension of C++. However, there were no standards for User Interface Design in C++, so Microsoft wrote some libraries to handle it in Windows. Though still a case of embrace and extend, Microsoft did it to fill the need for a UI class library.

Of course, no one is compelled to use the extensions but, in reality, they are a significant time saver, which means they do get used and vendor lock-in ensues.

Enterprises can't always avoid hijacked standards, but they can support standards bodies that repeatedly demonstrate they can't be dominated by a few vendors, consistently release high-quality standards and react reasonably to shortcomings in the finished product.--Don MacVittie, [email protected]

The development of infrastructure, whether for railroads, energy or information, has driven our economy. Any organization that controls the advancement of a critical infrastructure through standards has the power to enable or destroy an enterprise. Ignore them at your own risk.

When it comes to IT, the IEEE and IETF have had the greatest impact. In the past few years, however, newer bodies such as OASIS and W3C have begun to wield significant influence on IT systems development.

The obvious difference is that the IEEE and IETF represent infrastructure and communications protocols, while OASIS and W3C represent middleware and information handling. Less obvious, but just as significant, is the level of corporate participation.

The IEEE and IETF are driven by technologists and equipment vendors; corporate participation is rare at their meetings, though Boeing is a notable exception in IEEE, even chairing 802.11k. Another exception is when a particular standard, like IEEE 802.11p (Wireless for Vehicular Environments) directly impacts an industry. The IETF has an indeterminate membership, defined as active on a working group mailing list. As such, it is hard to tell the extent of corporate involvement.In contrast, note the significant corporate participation in OASIS and W3C. These organizations are garnering the attention of system designers and business planners, who are interested in middleware like SOAP and ebXML. As business processes are held hostage by middleware standards development, companies hoping to stay on top will be voicing their specific needs. This accounts for the participation of industry groups like the Automotive Industry Action Group and the International Air Transport Association.

Advances in wireless and network convergence from IEEE 802 and VoIP from IETF continue to transform the infrastructure landscape. But still, the fire that lights the business world still comes from OASIS and W3C.

Robert Moskowitz, an NWC contributing editor, can be reached at [email protected].