Rob
Weemhoff, Senior Consulting IT-Architect at IBM
Sent: vrijdag 25 augustus 2006 14:23
Subject: Weblog April 14th, 2006 independent vs neutral
Steven,
I represent IBM in NEN committees, and I assure you the ISO standards
process is by design based on interest, and not independent in your
definition of the term.
---
Regards,
Ing. Rob G. WEEMHOFF
Sent: zaterdag 26 augustus 2006 14:45
Subject: RE: Weblog April 14th, 2006 independent vs neutral
Hi Rob,
Well, I’ve worked, on national and international level, in
a number of ISO working groups in the period 1985 up to 2000 too.
You’re right, in that timeframe there was a lot of influence
from commercial organisations. Because ISO, at least in those years,
worked with country delegations this influence was neutralised to
a certain degree. I don’t know about the last years, but until
the year 2000 ISO was a pretty open (be it unknown) community where
everyone could contribute through the proper country delegation. This
may have changed when NEN started to ask money from contributors,
your words suggest it has.
In my opinion ISO comes/came closest to an organisation able to write
independent standards and norms. Including the fact the way of doing
means it takes a long time before results are available. Standards
introduced by organisations like OMG and The Open Group, in fact combinations
of commercial organisations for commercial purposes, are at most neutral
(as The Open Group correctly states itself). But some activities claim
independence, and that is, in my opinion, misleading.
In my opinion there is a lot of good work to be done by consortia
like OMG and The Open Group in the field of agreeing on points of
view by IT-vendors. Although, there are a number of basic issues that
cannot be standardised at that level because they are not up for neutral
compromises through different commercial interpretations. A method
like TOGAF, for instance, may be a standard from the organisations
that form The Open Group. The fact a conceptual schema contains 9
concepts, as defined and proved in ISO, is above that kind of standard
because there may be many ways to work with those 9 concepts, TOGAF
is just one of them.
At the end of the day all of this comes down to what can be done
for organisations that need information (IT-vendors call them customers).
They buy and maintain a lot of IT to get this information. Standardising
real professional issues, like the 9 concepts I mentioned as an example,
should be above all discussion. I don’t see another organisation
then ISO to do this. Application of these kinds of concepts, like
in TOGAF in the example, can be done in the other organisations. In
other words: basic professional issues/concepts ought to be standardised
by another organisation then application of these issues/concepts.
There is another, more practical issue with neutral/independent.
Currently IT-vendors, supply-side, also offer services at demand side.
It happens quite often that people from IT-vendors (or people in alliance
with these organisations) work on both demand and supply side. This
leads to, at least, ethical and business problems. Like in the world
outside the Information and IT-sector we should introduce independence
between demand- and at supply-side. Do you agree with this? It would
mean IT-vendors would have to become real contractors.
Best regards,
Steven
Sent: maandag 28 augustus 2006 10:47
Subject: RE: Weblog April 14th, 2006 independent vs neutral
[...]
> This may have changed when NEN started to ask money from contributors,
your words suggest it
> has.
Yes, it has as long as I remember. When I replaced Rob van der Stap
(CMG) in NEN SC27 I insisted to pay what they asked while he always
refused.
> In my opinion ISO comes/came closest to an organisation able
to write independent standards and norms.
Agree, because all different interest can be represented. (If they
are able to pay)
[...]
> In other words: basic professional issues/concepts ought to be
standardised by another organisation then
> application of these issues/concepts.
Agree. ISO gives a standard, another organization, preferably demand
side, writes a profile. Supply side uses the profile. For example
Common Criteria Protection Profiles.
> There is another, more practical issue with neutral/independent.
Currently IT-vendors, supply-side, also offer services at demand side.
It happens quite
> often that people from IT-vendors (or people in alliance with
these organisations) work on both demand and supply side. This leads
to, at least,
> ethical and business problems. Like in the world outside the
Information and IT-sector we should introduce independence between
demand-
> and at supply-side. Do you agree with this? It would mean IT-vendors
would have to become real contractors.
You mean in the standardization process?
Or IT-vendors should not offer consultancy services?
Sent: dinsdag 29 augustus 2006 14:43
Subject: RE: Weblog April 14th, 2006 independent vs neutral
Hi Rob,
We agree on most issues. I have also refused to pay NEN because
I have always paid for my journeys and hotels myself. Travelling 2
or 3 times a year all over the world has cost me about HFL.100.000,-
per year without any help form anyone, and that was quite enough for
me. What NEN is doing now can only be done by large companies, and
that is a great pity. In my experience most knowledge and innovation
is in the people and the smaller companies.
> You mean in the standardization process?
> Or IT-vendors should not offer consultancy services?
I mean in practice. I do not propose IT-vendors should not offer consultancy
services in general, I mean they should not offer services specifically
targeted at demand side issues.
Even stronger: there is a real large area for consultancy on IT, and
I do think IT-vendors may be the best organisations to do this kind
of work in a large number of cases (I can also imagine some of these
services are offered by independent parties). Call it IT-solution-
or IT-supply-oriented services.
In practical terms I mean services around requirements and the knowledge
an organisation needs to have and manage about their information.
These subjects are the basis, for instance, for procurement activities,
because this knowledge contains what needs to be in a specification.
And I do mean there should be a discussion on the translation between
demand and supply issues. Not a vendor-neutral discussion, but an
essential, professional discussion where demand and supply will meet.
We tried to have this discussion in ISO ODP and other working groups,
but in that timeframe it was not possible to have this kind of discussion.
Today it may be.
Back
to the top of this page
From:
Hans
Bool
Sent: maandag
4 september 2006 1:23
Hello
steven,
Interesting
topic, this standardization dilemma. I Have a question about the passage:
"usually
contain trade-offs regarding professional rules and principles."
What
are these trade-offs exactly, could you give an example?
Do you
also mean that the standard only suits / serves the development parties
(developing the product and services) and not the maintenance parties?
Otherwise I do not see a threat when all stakeholders are equally
involved in the development of the standard...
The
case against the independent development is that this independent
organ is also less committed to the standard. I do think that standardization
is infrastructural and therefore serves a central-kind of development-implementation
approach, but all the parties should be somehow involved in this process.
Besides,
is there a way that we can measure the quality of a standard?
From: Steven
Sent: dinsdag
5 september 1:46
The problem is that usually only a small group of people takes part
in the development of a standard. These people work for organizations
and are in the standard development out of interest and out of commercial
issues.
Let me give you an example. Suppose we are talking about the SQL
standard. The work on this standard is based on the people that take
part. People from IBM input their knowledge together with their experience
with the SQL products they deliver. So does Oracle, Sybase etc.
Now suppose a change to the existing standard is proposed. For instance
another way a specific statement works. It may be, that IBM and Oracle
have a different implementation, and when the standard is changed
they will need to change their products in the marketplace to conform
to the new standard. This will usually also affect their installed
base, and it is not only the changing of the SQL-product that will
cost money, but also the change of the installed base, the applications
that are built by the current solution. There are examples where a
change can cost a 500 million dollar for an IT-vendor.
Now, if you are going to discuss the new standard, their may be a
number of participants who have these kind of problem. I say kind
of problem, because they will usually have a different implementation
of the standard and therefore have different problems. The usual way
to solve is to try and compromise. So, a kind of solution that will
have less cost for everyone, at least the strong vendors. If you are
working with country delegations, and vendors have people in several
of these delegations an extensive negotiation process frequently starts.
And in the case of SQL not one but tens or hundreds of these situations
may occur. You can imagine the tradeoffs that are discussed, and the
consequences such tradeoffs may have for the vendors.
In this process we have not yet talked about the way SQL should work.
As you know all is based in mathematics and the real working of things
is very much fixed. But in the tradeoff process, especially when we
are talking about relatively new standards, the commercial issues
are usually very strong, and the tradeoff may be in the working of
the standard itself. To be solved a next time.
Back to your questions:
… There are very many standards. Some are directed towards development,
others may be bound by operation. This may even depend on the crowd
that is developing the standard, because these crowds usually do not
have all groups available. Just look at the cost, no vendor can participate
in all of the 100's/1000's of standard activities at the same time.
I, for instance, have worked about 10 years on Open Distributed Processing
(ODP). At a certain point in time we had to write what we called the
information and the enterprise viewpoint. But the crowd consisted
of IT-engineers whose education and experience was in system software.
The only thing they could say about enterprises was that these enterprises
have to formulate policies and levels of quality of service. This
is why these two viewpoints are so weak in this standard. And this
was a standard where the system software products and their development
were prominent. It was the wrong crowd for that part.
… For independent standard development: should you accept "standards"
from the Open Group as such? They are a combination of 6 IT-vendors
and a number of involved organizations who look at subjects from their
viewpoint. Sure, there will some fundamental discussions, but in the
end they will each have to earn money with the result. This is what
is called neutral, based on agreement and negotiation. And 6 organizations
is just a small part of all.
Well, you say that standardization is infrastructural and therefore
serves a central-kind of development-implementation approach, but
all the parties should be somehow involved in this process. This is
why I made the difference between neutral and independent is important.
Standards like SQL, the real length of 1 metre, the definition of
application etc. should be independent: "everybody" involved
and agreeing (impossible, of course, but one should try). Standardizing
a method like TOGAF, The Open Group Architecture Framework, can be
neutral. It is the use of basic principles in a method that is to
be used in the market. Conformance of TOGAF to the basic standards
should be guaranteed, but usually is not.
Measure the quality of a standard? Good question, but a very difficult
answer. Can you determine the quality of the definition of the term
application? I have worked on Conceptual Schema Modeling Facilities.
At a certain point in time prof. John Sowa was able to give mathematical
proof based on object orientation and set theory that a conceptual
specification is only based on 9 concepts. Is this a high quality
standard? The fact was to hard for world, because in the end they
abandoned the standard. Too many changes to be made in practice, although
the mathematical proof was there. Another example: ISO 9000. Is this
a high quality standard? It has to be translated to practice before
it can be used, but it is widely used? You tell me.
Another issue is the conformance issue. Every standard has a paragraph
on conformance: what to do if you have created something to be able
to say it conforms to a standard? And who checks this? I know, a few
years ago, of 26 organizations who check ISO 9000 in the Netherlands.
And they must be accredited to do this work.
It would be great to be able to measure the quality of a standard.
But, again, also this is up for discussion because of the cost of
it all.
Back
to the top of this page |