[Date Prev][Date Next] [Chronological] [Thread] [Top]
Re TOP and its corruption

To: 'Mark Wahl ' <M.Wahl@INNOSOFT.COM>
Subject: Re TOP and its corruption
From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>
Date: Fri, 09 Jul 1999 06:24:39 +1000
Cc: "''ietf-ldapext@netscape.com ' '" <ietf-ldapext@netscape.com>
Resent-date: Thu, 08 Jul 1999 13:25:13 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"jRqKgC.A.jGE.UkQh3"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com
Thank you Mark for taking the time to explain the role and modus
operandi of the IETF and its working groups and the situation with the
development of standards. And I do  find the response well written and
very objective. 

I have been involved with the standards process for over 20 years from a
communications to application perspective and these include the IETF,
ISO, ITU and industry bodies for Transport (vehicles), Defence, Banking,
Quality, etc as well as distributed information systems such as
directory services.

Without question over these years, all of the professional people I have
worked with in the development of these standards, respect the cost and
effort that goes into the process and in the case of IT standards
understand the importance of the Object Identifier authority mechanisms.
Today, OIDs are globally used and represent Telecommunications carriers,
Standards bodies, Defence organisations, Traffic Management messages,
security algorithms, message types,MIBs,  etc. In fact most of the
standards developed over the last 10 years have used Object Identifiers
to define their protocol and information components.

An object identifier represents two components. It represents the
authority that has been formally assigned to define and manage the
subordinate arcs of the OID -  and it represents the type of the data
definitions represented by these arcs.

ie. OIDs represent the formal and globally recognised identification of
registered organisations, their responsibilities and their investments
in the codification of their standards. 

Professionals in the whole of the IT industry worldwide, treat such
identification systems with common sense and respect simply because
without such systems, the standards they apply to are meaningless.


In my own personal opinion, to reapply the definition to an OID that is
the authority of someone else (after a decade of investment by others),
is not providing any respect to the efforts to the authority of the
people that have contributed to the codification what that OID
represents.

The matter is compounded, when such violations and infringements are
followed through with public statements that the standard in which the
OID is used in used is not workable, too complex, does not reflect
market needs, etc. This again in my own opinion, is simply disgraceful.

The matter is made even worse when such action actually takes the very
foundation of that standard  (in this case TOP of the X.500 and LDAP
directory information model) and redefines that with what can only be
seen as "a complex collection of unsorted and unstructured proprietary
attributes". And then expecting that the rest of the world will deal
with it in terms of costs, information mapping, schema mapping,
configuration control mapping and multitudes of access control regimes,
etc, etc - and putting such important business requirements as single
point of service logon (now demanded by many customers) at considerable
risk.
What I think of such an action, well on list, words fail me.



Your statement about implementations not putting all the features of a
standard into its product or not being compliant in areas, etc is what
the normal process is when developing standards and products. I have no
problem with that.

But I do have a major problem when the fundamental discipline of
standards development is casually violated unilaterally and without
notice. ie was this modification of TOP and its effect on directory
services discussed on the standards list by any of the vendors
concerned?.


If the IETF working groups are nothing more than an open R&D process for
IT mechanisms (not industry system standards) and that the OIDs applied
to these standards need not be honoured and protected by the IETF, ISO
and ITU and its members. Then why bother with investing these "standards
bodies " at all. 

However, if these standards bodies feel that they do provide a
worthwhile standards process. Then when companies involved with such
standards process say they support standards, but in fact violate the
very fundamental principles and mechanisms (OIDs) they are built on, by
definition, the motives of such companies should be publically
questioned.

I.e. If the IETF and ISO and ITU as industry bodies do not defend the
efforts of their members when such efforts are codified by the authority
of OID allocation, and the very parties that infringe such authority
couple that with statements that the standard is not workable, etc, then
the whole standard process world wide must be deemed as broken.

Standards bodies are made up of members. When the investments of those
members are undermined, then its up to the members to use the mechanisms
and processes of the standards bodies to do what they can to correct the
issue.


I for one would like to see that the standards bodies at the senior
levels question this issue with the respective suppliers, simply because
the OID used in this case is that of the standards body, not of the
vendors.


It very obvious to me that those who have redefined TOP for their own
use and include variance in Mandatory and Optional attributes, security,
certificates, CRLs access control, knowledge, object Ids User Ids,
references attributes, etc - will have major interoperability issues in
these areas. In addition any applications and management processes
associated with these attributes, by definition will have to deal with
these variants across different products.

For the customer though - this will just add to their cost and make
their information systems more of a mess to what they may be already and
certainly more fragile. 

To me this situation is hardly a credit for the standards process or the
engineering disciplines and marketing strategy of a vendor.

No doubt systems integrators and customers alike will decide if they
want "the standard" or an interpretation of it. And one of the questions
asked  about directory systems will be.

"If I buy these limited LDAP servers, where I have to replicate
everything to everywhere, where the client software has to deal with all
the system issues and there are variances in the definition of TOP. What
is the effect on system operations including the consolidation of the
information schemas, its access control systems, its system knowledge,
its User information and the directories that use the standard TOP with
simpler and more appropriate DIT models?"

In answer to the above, the effect is a big costly information mess. The
result is certainly not a standard directory system, that for the
dollars invested, provides a corporate capability.

In fact the smarter customer is now very aware of the LDAP server -
replicate everything to every where issue... having a mess for a schema
like this will just compound the issue.

I would like to request that any supplier that has redefined TOP in this
way - looks at the corporate wide implications now facing its customers
that are associated with directory information management and system and
information integration and see if that is the marketing strategy they
want and can deploy to. 

regards alan

The opinions presented are my own and not of my employer.
Prev by Date: Another bug in I-D draft-ietf-ldapext-ldap-java-api-05.txt
Next by Date: Questions and comments re: draft-ietf-ldapext-acl-model-03.txt
Index(es):
- Chronological
- Thread