What are they so scared of? (Updated)

By Rick Jelliffe
July 17, 2008 | Comments: 12

ODF is about the future, Open XML is about the past. was a comment by IBM's Bob Sutor that I picked up and endorsed in January 2007. This week, Alex Brown (who was asked to organize next week's meeting in London to figure out the best way to maintain —fix, complete, evolve, retire—OOXML at SC34 which is the ISO/IC JTC1 committee charged with looking after OOXML and ODF) issued a press release which takes a similar view: The recently standardised OOXML format will now take second place to Open Document Format (ODF).

The reaction from Dr Sutor is typical: I'm guessing there was some commercial reason... Gosh, if that is the reaction when someone agrees with him, what must the reaction be when someone disagrees? (When people wonder where the slimy rumours of corruption and bribery come from, that turn out to be completely false, they were probably originally guesses like Sutor's.)

I presume the reason for Dr Brown's press release is quite simple and innocent: to put it on the record that his view is pro-standards and pro-ODF but that he acknowledges there are benefits to having both ODF and OOXML as ISO standards. The kind of neutrality and disclosure that is needed for his current role.

[Update: To see more of this habitual (or, at least, tactical) demonizing and personal attack, see for example the comments of one rcweir on Groklaw: Mr. Brown is not careless with words and he delights in all manner of ambiguity. My guess is that he is sitting back laughing right now at how people are interpreting his press release. ]

Other Soldiers

IBM's Rob Weir also has joined in. His blog entry Toy Soldiers is also an attack on the idea of a maintenance process but entirely muddled. Take the comment:

Who is better positioned to clarify exactly how Excel financial functions work, the Microsoft engineer who has access to the Excel source code, or an SC34 representative from Khazakstan?

I'd like to point out two things. The first is obviously that this is a false choice: the representative from Kazakhstan could raise the issue, and then Ecma get a response from MicroSoft. Or, if MicroSoft were slack in responding, it could be noted in the standard that there may be other methods deployed. Or the indefatigable Kazakhs could reverse engineer the behaviour and add that. Or the SC could decide that the current method was unclear and that adopting some other method was a better approach at the risk of breaking things and alienating vendors. All possible, none improbable approaches.

The second thing is that underneath the reference to Kazakhstan is the idea that small National Bodies do not have a place at the table; that vendors are important and others are not. More about this later.

ODF Alliance Brasil's Jomar Silva OpenXML: Finally the hidden truth emerges is also on the attack against maintenance at ISO. (He manages to get it right that this is JTC1 not ISO, however in the ensuing flummery he misses the point that the London meetings are about the best way to proceed with maximum openness and effectiveness, not the details which of course would require the endorsed text.)

Topsy Turvy

Which finally brings us the point. Why are these people so scared of openness?

This may seem a strange and provocative thing to say. Surely ODF is the open technology and OOXML is the proprietary technology? Surely we know this because "ISO" is the organization which is just the puppet of MicroSoft while OASIS is a bastion of community openness!

But is this really the case?

JTC1 standards are accepted and maintained only by super-majorities of the involved National Bodies voting. In the case of OOXML, JTC1 was a highly successful forum, with over 80 National Bodies were involved, with thousands of individual contributers. Remember that for later: thousands of individuals and over 80 National Bodies involved.

I have just looked over the minutes of the OASIS ODF technical committee for the last year. I cannot find a single meeting where there is not a super majority of participants from one particular group: commercial companies who make products (in particular, office suites and usually hardware). The lack of user, academic or government participation at the TC level is startling, less than any standards committee I have ever seen.

Furthermore, until recently at least 50% of the committee it seems was made up of employees or consultants of two companies only: Sun and IBM. (Here is the minutes of the most recent TC, here are the minutes of a year ago. Not every participant is necessarily a voting member at the time. Note that Dr Durusau is sponsored by Sun.) [Update: Please note that there was more diverse membership in the earlier years of the ODF TC.]

[Update: The OASIS voting rules are that a full majority (more than 50% of "voting members" of the TC not just those present) is required for changes to the draft; more than 2/3 yes and less than 1/4 against of voting member is required to move to "committee specification stage"; finally a vote with at least 15% of OASIS members saying yes is required to move to "OASIS standard" stage. So the composition of the TC is quite important.]

Semper Reformanda

Now I am not blaming Sun or IBM or accusing them of stacking or any such thing, don't get carried away. But the OASIS ODF TC clearly needs more people to get involved and participate if it is to be credible as an open body rather than a vendor front.

So: at JTC1 we had over 80 national bodies participating with thousands of participants, at OASIS ODF TC you have the ODF TC with 6 to 13 or so active participants, almost all from a handful of commercial organizations and almost all representing vendors. (OASIS standards are voted for by members: there is a partial list of members here.)

I think the extreme reaction against the idea of JTC1 maintaining standards is exactly the one identified by the IBM-ers: large companies don't want to give up control. They are much more happy about being part of consortia where they can effectively dominate the agenda, and very unhappy about having scrutiny and agendas dictated by outsiders. From this perspective, the membership-based consortia are much more "stackable" (even innocently, by the withdrawal of other participants) than the National Bodies.

I was pleased to see this week that the feature-list for ODF 1.2 is frozen, and that the OASIS ODF TC finally now has a draft of responses to the issues raised by National Bodies for the ODF 1.0 process. Surely that is wrong, I hear you saying? Surely it is ECMA TC 45 that has used ISO as a rubber stamp and the OASIS ODF TC has been responsive to requests? Well...err.

People Power: who can deliver it?

The way things were evolving a couple of years ago, we were seeing IT standards being developed in the agile, membership-based, vendor-friendly environment of the consortia (W3C, OASIS, etc) and then brought to JTC1 for QA and vetting. It is JTC1 as an audit or QA process I guess. Most people think the fast-track process took this too far, but don't be distracted. The core idea is that JTC1's process, based on National Body voting is both effective (because it supplements the scrutiny from the consortium: OASIS has weak I18n vetting compared to JTC1 or W3C for example) and more genuinely open, because it is impossible to stack either directly or indirectly.

But now we have this campaign to remove ODF from the only systematic, independent, non-commercial QA and vetting that it could have. The more important and strategic ODF or any technology becomes, the more important it is that large vendors, individually or in cliques or cartels, do not have ultimate say in its direction. OASIS has not proved itself as an organization capable of delivering this broad spectrum of stakeholder involvement, so far.

(Oh, people say, didn't MicroSoft successfully stack the National Bodies? Well, the same National Bodies that voted against DIS29500 mark I being accepted voted for DIS29500 mark II. What happened was that neither the favoured position of Microsoft—immediate adoption without change— or the opponents'—rejection or wholesale changes— won in the end. Not a sign of successful stacking.)

So we have the ODF standard being promoted on the basis of its openness. We have a process developing it which has been clearly dominated by a couple of commercial players, around a single code base, and by vendors rather than users. We have JTC1 scrutiny as an effective way of changing the power relationships and of providing helpful QA. We have a campaign lead by one of the commercial players against JTC1 maintenance, a lack of interest by the OASIS group chaired by employees of these companies in progressing the comments made by National Bodies as part of maintain ODF 1.0 maintenance, and a track record of attacking and slurring JTC1 participants who are not seen as towing the party line (for example when Dr Brown made his validation smoketest.)

Things need to improve. The OASIS TC needs to have more involvement from other stakeholders, and in particular governments and users need to step up to the mark. Indeed, from the ODF minutes, recently there has a broader base, but not much: these important standards need multiple, independent review and a commitment to accommodate necessary changes in a timely fashion. And more cooperation is necessary. If they are unhappy with the kind of I18n vetting that SC34 will provide, then rope the W3C I18n WG in: I am sure they would respond to a request to review ODF. But don't have no review.

I am sure things will improve. And I am equally sure that I will be hissed at: how dare I attack Saint ODF and the Blessed OASIS! I am not. But if we are to adopt openness as public policy, it has to be real openness. To be more direct, governments who want to adopt open standards need to participate in the standards bodies: for openness to have any meaning (in the aspiration sense that people seek) a standard must be more than the technologies that a cabal of vendors conspires to adopt...it must also reflect the requirements of the full spectrum of stakeholders.

The large corporations love the ISO (or JTC1) stamp of approval for their technologies, but they really dislike genuine ISO feedback. It is disruptive, it messes up their plans, it confuses them. The BRM changed OOXML just enough that MicroSoft has bumped support for it as a major release feature not a service pack feature: IBM and the other vendors really don't want to expose themselves to the same kinds of disruption and scrutiny.

Wishing Well

I wish Alex Brown and the people taking part in the London meeting of the SC34 ad hoc working group on the maintenance of IS29500 well. I hope various stakeholders around the world will come to see how important the maintenance efforts at JTC1 for both IS29500 (OOXML) and IS26300 (ODF) are, or at least could be with adequate support.

The good news is that we don't need to settle for vendor-dominateddominatable consortia like OASIS, W3C and Ecma. Apart from participating in them directly, there is a safety net available: using the ISO/IEC/JTC1 standardization process to augment and audit and vet the consortium standards. This gives a nice balance, I think: agile development with close attention to vendor/developer requirements at the consortia (and I am not remotely saying that vendors/developers are not key stakeholders who need to be onside), and broader vetting, QA and feedback from JTC1 who will slice the cake in an entirely different direction than the consortia.

It is up to stakeholders (to National Bodies, governments, academics, user groups, vendors, experts) to make this system work and thrive. It does not work by itself, it needs participation. Without participation, openness is empty.

It is well known how much technology companies prize control of the API. Indeed, it was a key issue in many people's minds last year. I don't think people realize the extent that it still exists in member-based forums such as consortia: you get control by having multiple voting members, by participating early when the key decisions are made, and by subsequently voting that rival's requirements are not legitimate and their technologies inappropriate. So you get soft control of the API. The provision of an independent review mechanism where you or your rivals have no direct control, which feeds requirements and technologies and changes into the system from users and bypassing your corporate plans represents a loss of soft control, and it should be of no surprise when vendors try to escape or resist it.

But I don't see anything stopping the drive to open standards. There will be scrutiny of all the different organizations involved, and I think I see the start of a virtuous cycle: the more that a high standard is demanded of JTC1 by vendors in order to keep development in consortia where they have soft power, the more that those high standards will expose limitations and areas for improvement in the consortia too which can only result in the need for external, non-member-based QA such as JTC1 does in fact provide.

Update: Diary of a Non-Smoker

IBM's Rob Weir is a co-chair of the OASIS ODF TC, so it is natural that he would make some response: but What is Rick Smoking avoids my points and substitute others. It is worth reading. I am a non-smoker.

Here are the various claims he makes:

  • Weir claims I am saying that SC34 is a more participatory environment for developing standards than OASIS, however that is not a point I was making at all. My point was that SC34 is good for *review* and I don't think I mention development at all w.r.t SC34. What is scary about review?
  • Weir claims you need to have government permission to join. Err, not here (our standards body is not governmental), and I don't know of any cases where there is political vetting.
  • Weir writes about the costs of membership OASIS versus NBs or ISO. You know how much money I have spent on membership fees of SC34 and its predecessor on and off since the mid 1990s? $0 as far as I can recall. And the cost of participating in my NB earlier on: $0. The cost argument ain't necessarily so: some countries charge. [Update: In fact, it is a JTC1 rule that accredited delegations shall be able to attend meetings without having to pay a fee: s7. JTC1 Directives.] But in any case, I am not presenting them as either/or choices but complements neither of which automatically give openness and both of which require participation: a range of bodies allows you to pick the most feasible for you to participate in. Hence my point "Without participation, openness is empty." What is scary about complementarity?

    I don't know if it is a current requirement, but it used to be that at W3C TC members were supposed to commit to at least 1 day per week. Participation at this level is not really an amateur activity, and that disenfranchises a lot of people immediately: but standards are a serious business, not one for armchair generals and Slashdotters.

  • Weir raises the issues of costs of travel. In the case of SC34, most of the WG1 work is done online and on a public maillist: at dsdl.org. I usually only attend SC34 meetings that are in my hemisphere, for example. I don't see that a junket mentality prevails, per

    ..(Sorry, the last part of this blog has disappeared. I am trying to get it reinstated. In particular, this included multiple listings of the rollcalls of the ODF TC which clearly demonstrated the concentration of membership over the last year.)

You might also be interested in:


unknown acronym much? you should consider a govt job

Hmm, well, regarding the drafts and other documents...

If you go to the OASIS ODF page, you'll see links to Documents including publicly available drafts, and there's a mailing list archive etc.

Now, although I am a OASIS ODF Adoption TC member (not affiliated with any vendor by the way) I hardly use my login...

Of course I haven't checked each and every document, and the OASIS website might not have the most intuitive search interface, but that isn't that much of a problem IMHO

Best regards,

Bart H

Rob claims that the OASIS drafts are public, but actually I have never yet seen a document referenced from a page in the archives during general discussion that did not require a login to gain access, and a login seems to require OASIS membership.

Really!?!???!! Here's an example I picked out by flipping through the TC mailing list archives...

I have uploaded the OpenDocument v1.2 pre-draft3 at http://www.oasis-open.org/committees/download.php/23991/OpenDocument-v1.2-draft3.odt

Please see http://wiki.oasis-open.org/office/OpenDocument_v1.2_Action_Items#head-e7f8a6a9cdd240143b0ab2a1bc7bde959ff9d36a for a list of changes that have been integrated into this draft.

That took about 2 minutes of poking around the site. And no, I am not a member.

You spelt Rob's surname wrong five times: It is Weir, not Wier

Call me cynical, but I don't think at this point in the web lifecycle it is that innocent. Too many of the names I see are experienced players. They know what they are doing.

Frankly, the end of year numbers are better for those who game the systems. Look at the numbers for IBM this quarter vs Microsoft.

Somewhat like juicing athletes, it isn't healthy for the game but not doing it means losing to those who do. The market can't police it (evolutionary pressure) and the governments won't (political will and guess who donates the most to the change candidates). The force of the consortia participation agreements and deep pockets for lawyers when those are violated is a force for improving it, but the same people who game the systems are members of the consortia. So it will as it has from the beginning come down to the small groups that share values.

The web is a caveat emptor market. I see no signs of that changing.

> The difference between the IBM-ers positions and mine, as I understand it, is that I think there is great scope for complementarity while the IBM-ers don't want even review by any body that they don't have a first-class vote in.

You must have missed the part where OASIS votes are all equal. Yes, that means that an individual with a $300 membership's vote is equal to an IBMer's vote. That pretty well undermines your mischaracterization of them being "scared" by oppenness--something you do nothing to support, other than pointing out that many people don't bother to participate, even though it's easy.

Then again, your idea of 'actual' openness appears to be 'how many different people actually participate' rather than 'how able are people *to* participate if they want to'. One of these is diversity. The other is openness. I can suggest a few online dictionaries if you need further clarification.

Nice dig at "Slashdotters" BTW. Still mad over that story about Microsoft wanting to hire you as an expert? I think I might have been the one to post it, actually, but it's hard to keep track when you've written as many as I have. Even I can't keep track of them any more. I was going to write this little tiff up because there hasn't been much OOXML news of late, but upon review, there's not much of anything newsworthy in it. Though I admit to being tempted to use it to encourage more people to participate in OASIS.

Of course, you could, too, if you wanted to act on your own challenge. It's sorta like Wikipedia in that regard: don't complain that "somebody should do this or that," just DO it. That applies both to writing stories and calling for more diverse participation.

Maybe I'll reconsider it in the morning.

cdr: I have spelled out a few more. Yes there are a lot of acronyms.

Bart: Great! Thanks for the pointer, I will put it into the text. So when we find URLs in the ODF TC's archives like
then the public should translate it to http://www.oasis-open.org/committees/download.php/28461/OpenDocument-v1.2draft7-3.odt
or just look it up on that documents page.

ojs: Thanks for that I will correct it.

Len: There is another aspect too. When we do look at the participants, Sun, Novell, and IBM (Symphony) are all derived from the same code base (am I wrong that Symphony is basically Open Office transpanted onto the Eclipse RCP?) KOffice is a different code base, if I understand correctly. So not only is there a concentration of a single kind of stakeholder, but also a concentration on exactly the same stakeholder: US corporations underwriting development of Open Office. This is why I scratch my head so much about pots calling kettles black.

Anonymous coward: Still mad about a lie being spread about me that forced me to spend much of that year in unpaid attempts to get the record put straight, at a time when I had lost everything from a few years of tumour problems?

No, I think I have forgiven the people concerned, and I forgive you to if you were involved. And I received so much kindness and support from my friends and collegues, it in fact was quite healing and heartening, on balance.

When someone at a large corporation believes their cause is good, they can convince themselves that the big fat bonus check or glowing performance evaluation dangled in front of them are possibilities of virtue rewarded, and they can use factionalism and party-spirit to dismiss their conscience: they probably would be horrified to reflect on it, but they are letting the ends justify the means.

(As to my challenge, for people to participate in standards efforts more, I do participate: I edit an international standard and open source implementation, at my own cost, and that takes up the time available.)

As the CIO of a US SMB who spends (or can spend) nowhere near as much time on this matter as you or Mr. Weir, even I find your convoluted mental calisthenics on trying to compare the openness of ISO vs OASIS laughable. There's a lot of smoke and mirrors in the first part, and lots of deflecting in the update; you simply could not support your initial thesis.

My advice: Fold and wait for your next "attack"-ish idea. This one didn't work.

Secondly, my main concern is about access to my company's data, and whether it is just IBM/Sun at the OASIS/ODF table, or a bunch of "Slashdotters", the end result has been a much more open, cogent, widely supported and cleaner standard than the one put forth by MS.

I think the only valid point you make is in ODFs current level of dedication to motivating bigger community involvement in the process. But, in some ways, it isn't necessary; the current participants have proven, to me at least, that they are quite capable of creating an open standard. I cannot say the same for Microsoft.

alphadog: Would you care to actually identify any of this smoke and mirrors? Or any of this deflection?

I agree that cogent and clear standards are important. This is why review is important. I don't see by what magic the ODF spec or OASIS process allows escape from the need for review.

I obviously don't buy the "trust us we know what is good for you" argument. Such telepathy is not a reliable method of gathering requirements or weighing options.

Anonymous Coward#2: Yes, you are right. Perhaps it is not being scared of openness that drives their personal and institutional attacks: perhaps there is some other motive. What would you suggest? Love? Modesty? Geniality? Bridge-building? Constructiveness? Kindness? Fellow-feeling? Embarrassment?

Re: Who is better positioned to clarify exactly how Excel financial functions work, the Microsoft engineer who has access to the Excel source code, or an SC34 representative from Khazakstan? ... the indefatigable Kazakhs could reverse engineer the behaviour and add that.

No the Kazakhs couldn't. That would violate the Office EULA: "You may not: ยท work around any technical limitations in the software; - reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation;"

Pete: I am not a a Kazakhstani lawyer (INAKL?), but...

I do not know that working out and publicizing how a provided function that has been inadequately documented actually works constitutes reverse engineering in the EULA sense of the term: you have to see "reverse engineer, decompile or disassemble" as a related phrase all concerned with finding out how the hidden internals of a closed system work with the purpose of producing a substitute or attack; the other phrase "work around technical limitations" attempts to circumvent registration and license code schemes (I think the US DMCA also holds here for US people.)

Review and checking is fair use for a person working on an international standard; indeed some might consider it due diligence! And even outside the specific cases of SC34 or NB members doing testing, it is entirely reasonable for someone to figure out how to something important they have bought works, or to verify documentation. It is certainly in the public interest.

If you are worried about it, then some standards bodies have some provision for members-only distribution, or put it on an anonymised server. Or it can put to Ecma privately first, for them to accede to.

Or you can ask Microsoft for explicit permission (email to Doug Mahugh.) I note that in Microsoft's Interoperability Principles they say "Such Open Formats will be documented in their entirety" so it might even be a good thing to test their resolve, if you are of such a bent!

Please note that David Wheeler has already published his version of how the Excel FRACYEAR function actually works: I don't see any sign of EULA lawyers (with their oiled mustaches and black capes like silent movie villains), crawling all over him and MS knows the message it would send :-)

Furthermore, when MicroSoft started the Ecma effort and then moved it to JTC1 and issues their Interoperability Guidelines, IMHO they made it effectively impossible to claim credibly to a court (assuming they would want to in the first place) that the specific details of what a function does (as distinct from how it is implemented) should be considered reverse engineering in their EULA: participating in a standards effort for documenting a proprietary technology necessarily can involve examining such external functionality and thus sets expectations for what the EULA terms mean.

To put it another way, the fact that MS has not deemed that participating in a standards process which necessarily involves poking and prodding by reviewers should require any change to the EULA is evidence that they do not see such reviewing and testing as "reverse engineering": and they have had multiple chances over an extended period of time on many highly publicized issues to point out if this kind of review was against their EULA.

Popular Topics


Or, visit our complete archives.

Recommended for You

Got a Question?