Comment by woodruffw
8 months ago
I agree about ISO, but I don't think there's a meaningful "toll gate" in this case: the standards are already free and public, this seems to just assign them identities in the ISO's standardization namespace.
(I'm at a loss to explain what benefit comes from being assigned an ISO standard versus putting a HTML document on the Internet.)
> (I'm at a loss to explain what benefit comes from being assigned an ISO standard versus putting a HTML document on the Internet.)
From the article:
"[ISO certification] should foster even broader adoption of OpenID Connect by enabling deployments in jurisdictions around the world that have legal requirements to use specifications from standards bodies recognized by international treaties, of which ISO is one."
The point was that countries clearly recognize standards that aren't bound to an ISO (or other international standards) process, given that every country in the world uses TCP, HTTP, and HTML.
(Unless we're now considering the IETF/W3C an international standards body? I can't find a good list of these anywhere.)
That's fair. And this type of standardization is far enough outside my wheelhouse that I don't know how to judge Mike's comments. He's pretty deep in that space, so I take it at face value. I don't think he'd have pushed this effort without there being value.
Looked on the OpenID mailing list site[0] and didn't find any discussion, so can't offer any other insight. I suppose you could contact Mike[1] and ask why it is such a big deal)?
> Unless we're now considering the IETF/W3C an international standards body?
Most of what I know about standards bodies I learned from Heather Flanagan, who is/was active in a lot of these and did a great presentation at Identiverse in 2022[2] about this very topic.
0: https://lists.openid.net/mailman/listinfo
1: https://self-issued.consulting/contact-me
2: https://www.youtube.com/watch?v=YBP8ffezycY
From wikipedia:
>The World Wide Web Consortium (W3C) is the main international standards organization for the World Wide Web.
>The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP).
I would also add IEEE to this list. I think it's pretty clear these groups are international standards organizations, it think it's pretty odd that OpenID Connect wasn't circulated as an RFC and they went the ISO route.
2 replies →
Countries recognize standards broadly along two avenues:
* Internationally recognized standards organizations, such as ISO (literally International Organization for Standardization). Republic of Backwoods and Kingdom of Flyover can't really do much against the majority of the whole world agreeing on something.
* Bigger Gun and/or First Past The Post Adoption, mostly exercised by the US in recent decades. Examples include practically all IT standards, aviation standards, and so on.
If you manage to combine them, you're basically unstoppable at conquering the world.
Any sort of government or similarly "official" organization loves to refer to ISO standard XXXX instead of writing out a summary of the standard when they document things.
Sometimes you see the same thing with organizations referring to web RFCs. It's likely because of a general culture of "don't try to invent new things if you already have a reference for it", although it doesn't really tend to make those documents readable.
> (I'm at a loss to explain what benefit comes from being assigned an ISO standard versus putting a HTML document on the Internet.)
Single source of truth. The internet has been plagued by numerous incompatible implementations of the same thing. There are numerous tests [0] showing incompatibility between simple serialization format JSON. How many times have you heard "Yeh, nice feature, but virtually nothing implements it"? A standard becomes whatever majority of highly adopted implementations do instead of formal specification. This is what you get for putting a HTML document on the internets. ISO standardization somewhat reduced this effect.
> but I don't think there's a meaningful "toll gate" in this case: the standards are already free and public
Major problem with ISO standards is that they cross-reference each other. It's rare NOT to find definition "X as defined in ISO 12345". Complex product may need to reference hundreds of ISO standards.
Somewhat tautologically I agree with you as in reality things are probably going to be implemented referencing tutorial subtly incompatible tutorials on the internet but will claim ISO compatibility.
[0]: https://www.getlazarus.org/json/tests/
> Single source of truth.
So to get a single source of truth we make, presumably, the same truth have more sources.
I think I know what you mean (sources as in standards organizations, not individual standards), but I also think that people arrive at this odd position because they aren't actually thinking about the practicality and the absurdity of making the world more complex and confusing.
> I don't think there's a meaningful "toll gate" in this case: the standards are already free and public
See Adobe and PDF: PDF 1.7 was available gratis from Adobe and also (“technically identical to”) an ISO standard. At the time, people expressed concerns about ISO’s paywalls and Adobe reassured them there was an agreement to ensure that wouldn’t happen. Indeed it did not... until PDF 2.0 came along, developed at the ISO, and completely paywalled.
I seem to remember (but don’t quote me on that) that AVIF and JPEG XL standards were at one point downloadable free of charge. In any case, they aren’t today.
This has now been remedied:
https://pdfa.org/sponsored-standards/