FOSS Open Standards/Standard-Setting and Open Standards
This section will look into standard-setting processes and the more important standards bodies in IT, and how they relate to the setting and adoption of open standards.
In this document, the term Standard-Setting Organization (SSO) is taken to refer to an organization that attempts to set standards or make recommendations which, when widely deployed, become de facto standards. There are many SSOs, national, regional as well as industry-based. A formal SSO refers to one that is recognized directly or indirectly by a government entity. Very often, there will exist a formal SSO in a country that the government recognizes as the national standards body and which has the authority to designate a specification as the national standard for the country. Thus, for example, in India, the Bureau of Indian Standards (BIS) is the national standards body; in the USA, the American National Standards Institute (ANSI) is the official body; while in the United Kingdom, it is the British Standards Institute (BSI).
While any organization can come up with its own specification and call it its standard, to be an internationally acceptable standard, it has to be either set or adopted/adapted by an SSO that is recognized as an international standard-setting body. The three organizations having the highest international recognition are the International Organization for Standardization (ISO), International Electro-technical Commission (IEC) and the International Telecommunication Union (ITU).
ISO  is an international standard-setting body made up mainly of representation from national standards bodies. IEC is a standards organization that deals mainly in setting standards for electrical, electronic and related technologies. A body that is an accredited representative to ISO or IEC is called a Standard Development Organization (SDO); most national standards bodies are SDOs. ISO produces standards in many domains, including IT. Many of its standards are also developed jointly with IEC, in particular, the ISO/IEC Joint Technical Committee 1 (JTC 1) is active in setting standards for the IT domain.
ITU, one of the world's oldest international standards bodies, was established to standardize and regulate international radio and telecommunications. With the convergence of IT and telecommunications, ITU (specifically its Telecommunication Standardization Sector, ITU-T) is now also involved in specifying standards (or Recommendations as it calls them) that impact the ICT world.
The setting or creation of new technical standards can basically follow several main processes: de jure, de facto, and industry-created standards.
De jure Standards
De jure standards are normally created by formal SSOs following procedures that have been established by these bodies. Based on a need, work on the creation of a new standard is proposed by one or more members of the organization. This is called a new work item proposal. If there is enough support, work on drafting the new standard is started by a small committee or working group. The working draft may go through several cycles of deliberation, voting and modifications by the working group members (as far as possible, a consensus among the members is usually sought) before it is released as a draft to other members of the main organization or committee for scrutiny. At this level, it may be sent back to the working group for further changes and the cycle repeated until it is accepted as a draft standard for publication by the organization. Once it is published, it becomes a formal standard from the organization.
In SSOs, like ISO, the final acceptability of the draft is determined by a formal vote from the participating national bodies. After this final round of voting, the draft document is published.
The advantage of such a process as described above is that formal and accountable procedures are followed and each step in the process is accomplished through consensus as far as possible. The members of the SSO are given an opportunity to contribute during the drafting of the document. Some SSOs also allow contributions from invited subject-matter experts. The idea is that everyone interested in the standard should participate; and the standards creation process be seen as neutral and transparent, not controlled by any particular group or party.
There are several disadvantages to the process involved in the creation of de jure standards. First of all, the entire standard drafting process can be quite long because of the structure and makeup of the formal SSOs. For example, in the case of ISO standards, there is commonly a time span of two to three years from the new work item proposal to the publication of a standard.
While the standard-setting process formally tries to be neutral and impartial to any group, in practice this may not be so. In some cases, vendors and commercial organizations will send their experts to participate and push their own agendas, e.g. the inclusion of the specifications of their particular technology into the standard. Also some formal SSOs, like ISO, allow participation mainly by the national standards body only, so direct participation is restricted. However, interested parties should be able to participate at the local level via their national standards body, that will then carry the so-called national viewpoints, which may or may not concur with those of the interested parties.
The publication of a de jure standard by no means guarantees its success in implementation and acceptance by the industry and users. Sometimes, a simpler and more practical standard from the industry may win over a more complex and difficult to implement standard simply because implementation is simpler and faster, which results in better acceptance in the industry. A classic example of this is the highly complex but more complete X.400 suite of messaging protocols which is not widely used today as compared with the simpler but more easily implemented SMTP mail protocol that forms the backbone of Internet email. The former was developed by the formal SSOs, ISO and ITU-T, while the latter came from the industry-driven IETF body.
Examples of internationally recognized SSOs that are active in putting out de jure standards are ISO, IEEE, ITU-T and ANSI. Examples of widely used de jure standards include:
- EEE 802 - a set of standards for Local Area Networking (LAN)
- ISO 10918 - a standard for the JPEG graphics compression and file format
- ITU-T X.25 - a standard for packet switching networks
Not all standards are created from scratch. Very often, an entity (e.g. an industry forum or group) may propose that a standards body, like ISO, adopt or adapt its standard or specification as an international standard. Sometimes a de facto standard may also be submitted to a standards body for adopting/ adapting as an international standard.
De facto Standards
In the fast-moving IT industry, very often, some technology or product may become so popular that, as a result, it becomes generally accepted and widely used by a majority of users throughout the industry. As a result of this, a de facto standard is established that everybody seems to follow as though it was an authorized standard from a standards body. Examples of these are:
- the FAT file system from Microsoft
- the Adobe Portable Document Format (PDF)
- the Hayes command set for dial-up modem control
- the Hewlett-Packard Printer Command Language (PCL)
The main advantage of a de facto standard is that widespread acceptance in its implementation and usage is assured. It is unlike a de jure standard where the standard is just debated and agreed upon by the committee of the SSO and hence industry acceptance is by no means guaranteed.
Since a de facto standard does not have to wait for committee debate and approval, changes and modifications are made much faster. Indeed, very often it tends to change as and when the product is upgraded or improved.
The main disadvantage of a standard set in this way is that, very often, it starts off as part of a product implementation and as such will invariably include some technology and/or specification that is either owned or controlled by the vendor or group that produces the product. Unless that party is willing to give up control or at least share the control by allowing other stakeholders to be involved in developing and driving the de facto standard easily, there is a possibility of a lock-in later.
In some cases, after some time, a de facto standard may be submitted to a more independent standards body for adoption or adaptation whereby the proprietary control is relinquished and it may then become a real open standard. An example of this is the Network File System (NFS) that was originally introduced by Sun Microsystems as a means of allowing a user to access a file on a remote machine in a way similar to how a local file is used. Later, with the widespread usage of NFS even on other vendors' systems, it became part of the TCP/IP application standards from the IETF.
These are sort of intermediate between the de jure standards set by formal standards bodies and product based de facto standards set mainly by vendors and owners of products. There is a trend nowadays in the IT industry for various consortia or groups to be formed among stakeholders in a particular segment of the industry. One of the functions of such a group may be to develop standards and/or recommendations deemed important and necessary for the progress of the sector. A good example of such a group is OASIS. OASIS is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. It produces many Web services and Internet-related standards for e-business deployment, such as Universal Description, Discovery and Integration (UDDI) and OpenDocument Format for Office Applications. The W3C is another consortium that has influence in the Web industry. It develops interoperable technologies (specifications, guidelines, software, and tools) for Web usage, e.g. HTML, XML, SOAP, etc. Although it is not a formal standard-setting body, it does come out with recommendations on Web technologies and services that are followed by many developers and/or vendors.
While the industry may adopt and support many of the standards or recommendations from these industry consortia as de facto standards, the established ones are eventually submitted to be adopted by traditional international standards organization like ISO to become a "legitimate" international standard. Many of these industry bodies have on-going liaisons with the technical committees of the international SSOs.
Open Standards Organizations
Bodies dealing with standards are usually non-profit and may be government-appointed, industry-backed, non-government organizations or even voluntary ones. While almost all of these claim to be "open" , some are more open than others especially with respect to the free and easy accessibility and open participation criteria discussed in the Introduction. Some more active organizations that are generally perceived to be open include IETF, IEEE, OASIS, W3C and the Free Standards Group (FSG).
Note that this list is by no means an exhaustive listing of open standards bodies and indeed some may dispute the inclusion of one or more of these and/or the exclusion of other bodies if the accessibility and open participation criteria are applied strictly. However, in terms of important IT standardization activities and relative "openness" to world-wide participation and access by organizations big and small, the organizations listed earlier do stand out.
Standards and/or recommendations from these bodies account for many of the standards being deployed or developed in the IT and Internet/Web industries. Many of these standards have also been adopted as standards by international SSOs like ISO.
As noted earlier, these non-formal SSOs often have liaisons, especially at the technical working group level, with formal organizations such as ISO and ITU-T. Therefore, there is awareness and knowledge of the work and activities of the respective working groups from the various organizations working in the same area.
The Internet Engineering Task Force
Internet networking standards and protocols, like TCP/IP, became de facto standards when the Internet was widely embraced throughout the world. IETF is charged with developing and promoting Internet standards. It is a voluntary organization with membership open to any interested individual. The actual technical work of IETF is done by its working groups which are formed, based on topics, into several key areas. Each area is overseen by an area director and the area directors, together with the IETF Chair, form the Internet Engineering Steering Group (IESG), which is responsible for the overall operation of IETF. ETF is overseen by the Internet Architecture Board (IAB) which is, in turn, responsible to the Internet Society (ISOC).
The drafting and setting of specifications and standards by IETF is carried out considerably faster when compared to the formal SSOs. IETF working groups do the drafting work. A new set of specifications starts off as an Internet Draft which is placed in IETF's "Internet-Drafts" directory and also replicated on a number of Internet hosts. Interested parties are encouraged to comment on this, usually through the working group's mailing lists. Based on comments and feedback, the draft undergoes several rounds of modification and then moves on to become a Requests for Comments (RFC) document and is published.
The specifications in a RFC document may be implemented by the Internet community and it can become a de facto standard if it receives wide acceptance. An RFC specification for which significant implementation and successful operational experience have been obtained may be elevated to the Internet standard level and is assigned a number in the STD series while retaining its RFC number.
The World Wide Web Consortium
W3C  is an international consortium that specializes in the development of protocols and guidelines for use on the World Wide Web. It is the leading body for specifications on Web technologies and applications. It calls its guidelines and specifications "Recommendations" which it considers as equivalent to Web , standards. Many W3C Recommendations have been submitted to a formal standards body like ISO to become international standards.
W3C believes in complete interoperability for the Web to function and realize its full potential. Towards this end it publishes open standards for Web languages and protocols. This makes it possible for Web technologies to be compatible with one another and to allow any hardware and software used to access the Web to work together.
W3C is an independent body, membership is open to any organization and there are several categories of membership depending on the nature of the organization. W3C counts vendors of technology products and services, content providers, corporate users, research laboratories, standards bodies, and governments among its members. Individuals who are not employees of W3C member organizations can also be involved by participating in the technical discussions in its many public mailing lists.
The Organization for the Advancement of Structured Information Standards
OASIS  is a non-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Standards produced by OASIS include those for security, Web services, conformance, business transactions, supply chain, public sector, and interoperability within and between marketplaces.
Membership of OASIS is open to both individuals and organizations all over the world. There are several types of membership and OASIS has a diverse membership base, counting users and vendors, governments and universities, trade groups and service providers among its members.
OASIS prides itself on its transparent governance and operating procedures. The members themselves set the OASIS technical agenda using a process designed to promote consensus and unite disparate efforts. Completed work is ratified by open ballot before it is published as an OASIS standard.
The Free Standards Group
FSG  is an independent, non-profit organization dedicated to accelerating the use of free and opensource software by developing and promoting standards. It is supported by both commercial corporations in the IT industry as well as the FOSS development community. All standards produced by FSG are available free and are distributed under open source licenses. Anyone can participate in and contribute to the FSG standards development by participating in the various FSG standards projects mailing lists.
The FSG is responsible for the important Linux Standard Base (LSB) standardization activity and the Open Internationalization (OpenI18N) initiative. Some LSB specifications have been submitted to the ISO/IEC JTC1 SC22 working group on GNU/Linux standardization.
The Institute of Electrical and Electronics Engineers
IEEE is a non-profit, technical, professional association of more than 360,000 individual members in over 175 countries. The IEEE Standards Association (IEEE-SA) is active in the development of technical standards in the fields of information technology, telecommunications, and energy and power. IEEE standards development is guided by the five basic principles of due process, openness, consensus, balance and right of appeal; it is open to all and not restricted to a particular type or category of participants.
The working groups that are developing the standards are open to the public and have well-publicized procedures regarding membership, voting, officers, record-keeping and other areas. They try to be as transparent as they can, agendas for meetings are distributed beforehand and the results of a group's deliberations are publicly available, usually through meeting minutes.
When a draft standard is deemed mature enough, it goes up for balloting to become an IEEE standard. The sponsor of the standard forms a balloting group by inviting people from an "invitation pool" The latter consists of IEEE-SA members or people who have paid a ballot fee and are interested in balloting some of the draft standards. Unlike the development stage where anyone can contribute comments, only members of the balloting group can vote in the ballot. The ballot sponsor has to take care that the balloting group is balanced with no domination by any one group or company.
Many IEEE standards have found international recognition and usage, e.g. the IEEE 802 series of LAN/ MAN networking standards like 802.3 (Ethernet) and 802.11 (Wireless Fidelity (Wi-Fi) ).
- Krechmer, K., "The Meaning of Open Standards", http://www.csrstds.com/openstds.html
- The International Organization for Standardization (ISO) http://www.iso.org
- The International Electrotechnical Commission (IEC) http://www.iec.ch
- The International Telecommunication Union (ITU) http://www.itu.int/
- The Internet Engineering Task Force (IETF) http://www.ietf.org
- IETF, "Overview of the IETF" http://www.ietf.org/overview.html
- The Internet Society (ISOC) http://www.isoc.org
- RFC 2026, "The Internet Standards Process, Revision 3" http://www.ietf.org/rfc/rfc2026.txt
- Official Internet Protocol Standards http://www.rfc-editor.org/rfcxx00.html
- The World Wide Web Consortium (W3C) http://www.w3c.org
- Organization for the Advancement of Structured Information Standards (OASIS) http://www.oasis-open.org
- The Free Standards Group http://www.freestandards.org
- IEEE Standards Association http://standards.ieee.org