Tuesday, January 02, 2007

Standards, we have standards

My friend Jackson Shaw (formerly of Zoomit, Microsoft and now with Quest) opined recently about an article in Network World. He quoted Christopher Paidhrin (Chief Security Officer, Southwest Washington Medical Center) as looking to "recommend the adoption of an international standards body model for identity management, where differing technologies and solutions could build on a common set of protocols, encryption algorithms and interfaces to vastly simplify the individual's experience".

Shaw notes "I think we already have many of the standards in place that we need today like SAML, WS-*, LDAP, DSML, AES, PKCS, etc. Many of these standards are IETF, NIST or industry standards versus international standards like those set by the ISO." and reminds us that X.500 and DAP were international standards which are, today, honored mostly in the breach.

Echoing many technologists who have gone before, Jackson pleads: "We don't need more standards - we need vendors to use the standards that exist today and build better products."

In fact what we need are fewer standards. There's currently a raging discussion on the OpenID email discussion list about the need to pay to register an i-Name. While I personally still aren't sold on the concept of i-Names, the need to pay to register isn't any where near the top of my list of objections. What is at the top is the question why do we need to even institute this "standard" when there are other things which do the same job equally well?

It's about time that vendors (and i-Name's Cordance and NeuStar could start) took a long hard look at the standards process and started using existing systems rather than creating new ones. Better, users should resist adopting new standards unless they provide a significant improvement over the older way of doing something. It's time to take a stand.

Well said. I agree - we need less standards and better products!

All the best for 2007!

- Jackson
I think you've beenr eadin my mind.
Just prior to sxip joining up with the crew for openid 2.0 I emailed he sxip list as to why they were bothering with a new protocol whyd didn;t they (everyone - not just the sxip team) pick one and stick to it.

Now I;m sure my comments had little if any effect on the outcome - but it seems that I might (sort of, at least) have got this one right.
Post a Comment

© 2003-2006 The Virtual Quill, All Rights Reserved


[Powered by Blogger]