Tangled in the ThreadsJon Udell, July 26, 2000
Microsoft and Internet standardsThink Microsoft isn't paying attention? Think again.
Last week Jeffrey Shell ignited a lively discussion with this observation:
I am intrigued by Microsoft's submission of C# to ECMA, and Sun's withdrawal of Java from ECMA.
It intrigues me too. We're entering a period during which a next-generation Internet will be defined. Upgrading the existing plumbing (e.g., to IPv6) is only part of the story. We're also going to get a whole lot of new plumbing at the application level, to support the "cloud of services" that the Internet is becoming. With its .NET initiative, Microsoft has announced its intent to be a key architect of this new infrastructure. In many quarters, that announcement was greeted with suspicion. The catcalls from the Slashdot crowd were predictable. A bit more surprising, perhaps, were the similar catcalls heard from corporate IT types quoted in Computerworld stories. Nobody likes to think that Microsoft will end up in control of the Net.
One of the arguments often heard is that Microsoft disregards the standards process that has governed the architecture of the Net. What catalyzed the open source software (OSS) movement, after all, was the mainstream recognition of what OSSers had known for years: that software, and protocols, and the people who create software and protocols were the unacknowledged legislators of the Net. Among OSSers, it has been an article of faith that Microsoft "doesn't get" this inherently democratic and collaborative process. For example, James Power asked recently in my newsgroup:
What open standards is MS currently supporting in shipping products -- without an embrace and extend philosophy?
Some that came immediately to mind were POP3, IMAP, HTTP, SMTP, NNTP, CSS, XML, XSL, DOM, SOAP, WebDAV, and ECMAScript.
Is it wrong to embrace and extend? I don't think so. Sure, these and other Internet standards are the products of an amazing collaboration. The motto of the Internet Engineering Task Force is "rough consensus and working code." That an architecture has coalesced out of this turbulent process is indeed remarkable. But as David R. Johnson and David G. Post, writing for the Cyberspace Law Institute, pointed out in a 1996 paper on Internet governance, the participants in that process are not disinterested in its outcome:
The net itself solves an immensely difficult collective action problem: how to get large numbers of individual computer networks, running diverse operating systems, to communicate with one another for the common good. And, yet, the net is really nothing more than a set of voluntary standards regarding message transmission, routing, and reception. There is not now and never was a central governmental body that decreed or voted to adopt a law stating that TCP/IP is required to be used by those wishing to communicate electronically on a global scale, or that HTTP is required to be used if you wish to communicate over a particular portion of the global network (the World Wide Web).
The "rule-making" process for baseline protocols of the net had none of the vices of centralized, top down, bureaucratic or political, governance. The rules instead evolved from the decentralized decisions by individuals to adopt a promising standard because it served their own interests.
When people embrace standards correctly (which, sadly, they often do not) we'll have a stable and workable baseline. But there's nothing evil about extending. That's how we move forward. Innovation doesn't arise from standards bodies, but from working code that points the way to new standards. The Internet has always evolved this way. The process is healthy, normal, and often exemplary. It's not altruistic, though. Companies adopt and try to extend standards because they find it in their own interest to do so.
What I miss most about the current Net scene is the significant platform evolution that happened with every browser rev, and the competition that drove that. Netscape was accused -- often rightly -- of trampling standards. But the company was also engaged in the standards process. And it was subject to checks and balances. There were always multiple, competing implementations of Netscape's products.
Microsoft today in some ways resembles Netscape in 1996. It has a vision for the Net, and an agenda, and is deeply engaged in the standards process. The Web Standards Project, which has rightly chided Microsoft for its share of standards-trampling, noted recently that IE5/Mac "offers the highest real-world standards compliance of any browser yet shipped" with respect to CSS. Microsoft is also currently a leader in other key areas: DOM, XML, XSL, DAV. The company is, in fact, learning to play by Internet rules -- with a vengeance.
Microsoft's growing IETF participation
I was curious about how various entities have participated in the Internet RFC (Request For Comment) process, and how that participation has changed over time. So I downloaded all the RFCs and did the following:
- mapped out the dates of all the RFCs
- grepped the RFCs for contributors (lines like "Email: firstname.lastname@example.org")
- counted contributors by company and by date
Here's what the results look like for Microsoft:
rank 6, count 62: microsoft.com 1995 1 1.6% 1997 10 16.1% 1998 9 14.5% 1999 27 43.5% 2000 15 24.2%
Column 2 of this report counts how often a company's domain name appeared in an RFC author's email address, for a given year. Column 3 is the percentage of that year's contributions relative to the total for the domain name.
Unlike other leading participants -- Cisco, IBM, Sun -- Microsoft only recently "discovered" the Internet and got involved in the process. But while ranked 6th overall (see full results here, Microsoft has clearly overcome its late start.
The company became a major contributor in 1999 and 2000 -- second (after Cisco) for both years in terms of absolute numbers of contributions. On a percentage basis, MS has done 68% of its participation in the last 1.5 years, Sun 47%, Netscape 47%, Cisco 45%, IBM 30%.
So what does this mean? As Calvin Powers rightly points out:
The _quantity_ of a company's participation in the IETF standards process can in no way be used to determine the _quality_ or _motives_ of that participation.
A company might be devoting its energies 100% to creating an efficient, well understood standard that's simple enough to ensure cross vendor interoperability.
Or, a company might be using 100% of its IETF energies to block a standard from seeing the light of day, subvert it, or morph it into a "standard" tied to its propietary technology.
In the end, everyone has to judge Microsoft, or any other company for that matter, by the products they ship, not the amount of talking they at the IETF.
Touché. At issue here was not that Microsoft proposed to extend Kerberos, but that it did so independently, had not published those extensions even after the release of Windows 2000, then did publish them under a restrictive license that offended just about everyone.
Kerberos and WebDAV
For every Kerberos, there's a WebDAV. Microsoft was an early WebDAV leader, and remains a key promoter of this important new standard. One newsgroup member complained:
I'd hasten to point out that MS is presently shipping weird (ie., broken) implementations of WebDAV. This is not atypical -- other companies ship broken implementations too -- but MS hasn't exactly been eager to correct their mistakes.
But Mark Wilcox countered:
I think you need to be more specific. I have replaced all but 1 FTP server with WebDAV here at UNT (using Apache mod_dav as server, Windows Web Folders as primary client). We haven't had any problems with it.
You're right, it's probably not 100% true to the specs, but compared to what they did with Kerberos, DAV is as close a company is going to get.
I have to give them credit for pushing DAV out before the world really wanted it. By spring 2001, I'm hoping to turn off all of my FTP servers and just use DAV. My users don't have shell access and really wouldn't know how to use scp [the secure copy utility that comes with ssh] even if I wanted them to.
Mark went on to make what I think is the crucial point:
There is a huge opportunity to improve the services we provide over the Web. To MS, this is an awesome business opportunity that they must exploit. There is nothing in .NET that can't be done in the open-source, open-standards community. But there is nothing that is driving us to accomplish a similar feat. Because the idea came out of Redmond, many in the open-source community have snickered and not thought more about it. There is still time, many components are in place, and the open-source community could easily beat MS to the punch. But if MS is the only game in town, they will be the only game the majority of people will play.
We can all remember when Microsoft had never heard of the Internet standards process. But that was then. Now, it has fiercely engaged with that process -- and at a crucial moment when the architecture of the next-generation Net is up for grabs.
I hope that OSSers will likewise ratchet up their level of engagement, and weigh in on the definition of that architecture in a more coordinated manner than they have to date. It's not about Linux, or Mozilla, or Apache, or Perl, or Python, though it can (and should) involve all these things (and Windows too). It's about building out the "cloud of services" and deploying a next-generation universal client that connects people to those services. Does Microsoft want to control that version of the Net? Of course. Will it? Only if unchecked. The Net relies on the interplay of competitive and collaborative forces to maintain the genetic diversity that keeps it healthy. Microsoft, having adapted itself to the Internet process, will now perturb the balance of those forces -- a fact that OSSers ignore at their peril. Restoring that balance may require, in part, a coordinated effort to embrace -- and extend! -- .NET.
Jon Udell (http://udell.roninhouse.com/) was BYTE Magazine's executive editor for new media, the architect of the original www.byte.com, and author of BYTE's Web Project column. He's now an independent Web/Internet consultant, and is the author of Practical Internet Groupware, from O'Reilly and Associates. His recent BYTE.com columns are archived at http://www.byte.com/index/threads
This work is licensed under a Creative Commons License.