Meeting minutes
Rachel: Thank you everybody. This is the session Open Standards - Strategic Innovation
… I'm a W3C evangelist, working closely with different groups in W3C
… to think about how people can join W3C - how it's benefiting their work
… Introducing the panel. John joining us. Charles scribing
JohnBradley: working for Yubico, Senior Principal Architect. I'm developing security key software, standards for WebAuthN at W3C, technical WG at FIDO.
… Also developed OAUTH, OpenID Connect, JSON Web Encryption, and others going back to Information Cards and beyond
WoChang: I'm working for NIST, Information Technology Library. Senior Advisor for Standard Data and Emerging Technology
… Going back 1990s... SMILE
… IETF, and so on
… transition to legal entity for W3C
… working with federal agencies in the US
… Many agencies have data they need to make consumable. I hope we can connect it back to W3C, especially in the data aspect, so government can more fully utilize web technology.
… Bringing a government perspective on products and services.
Rachel: Yes, how to make the work on open standards meaningful and impactful.
[Slide 2]
… Laying down the underlying discussion... not just tech innovation, it's also business innovation, delivery.
… Ultimately it involves improvment; new products and services.
… Questions to the panel, and then open discussion.
… [Slide 3]
WoChang: When I talk about products and services, I mean equivalently to government data and services; open standards will be a tremendous help to us
… We don't want to have to use a proprietary product
… I've been working close to 29 years here, ISO etc.
… I see the benefit of open standards in many areas.
… In the last 6 months, we did some roadmapping, at NSF and OSTP
<Rachel> "Strategic innovation is the process of creating new or improved business models, products, services, marketing, or delivery methods. It can involve a radical change in how a company does business or a more incremental change that makes the company's products or services more competitive."
WoChang: on how to utilize web tech
<Rachel> Do you think that Open Standards help in product and service innovation? If so, how?
JohnBradley: Open standards in the internet space help us achieve critical mass. Back in the old days, Internet Explorer was *almost* based on open standards. That's why W3C was needed.
… Until there were open standards, there were these little islands where things would only work on a Mac with Netscape, or Internet Explorer on Windows, etc.
… It wasn't until we had agreement from browsers on standards could we have an open web.
… Without open standards, just have non-interoperable niches.
… That can be done... Apple has done that. But even there, the underlying tech is based on open standards one way or another but with a proprietary twist.
Rachel: I think Open Standards lay a foundation... The web community has come together to have a common ground on what can be build.
… I see this as allowing more time to innovate
JohnBradley: You don't have to re-invent the wheel
Rachel: Yes
… It frees the organizations' time
… creating a language for innovation, so everyone can speak the same language instead of different languages; that also allows for innovation.
martin_alvarez: Just listening, I will jump in when I have something to say
Rachel: Thank you for saying hi; nice to see your face.
… Follow the conversation in IRC. Thank you Charles for scribing...
… Next question / point of discussion: What kind of product/services do you think would not be possible without web standards?
JohnBradley: Pretty much all of them.
… Without web standards, you wouldn't have Facebook, Google Search, or any of those other features that people take for granted today.
<Rachel> What kind of products or services do you think would not be possible without Web Standards?
WoChang: I was a developer, programming Windows 1.0, before the Web... At that time, we had to do a lot of GUI stuff
… I'm a user-centric person; there could be 10 different levels of clicks
… The web simplified this kind of product development. There could be the same look-and-feel for applications.
… The web, HTML, backend technology, made the web much easier, more transparent, to the end-user.
… So I agree with John, these are essential to not just searching, but daily life.
JohnBradley: I had a life before the web, writing Bulletin Board software.
… I remember the first time I saw NCSA Mosaic, and thought, hmm, probably Gopher is dead.
… We had information representations but they were non-interoperable.
… It was the crude NCSA Mosaic that brought services from the very nerdy to the only slightly nerdy.
… So products that help, from the Yubico Point of View, include Nuby, with Google.
… We had a hardware-backed multifactor authentication that worked with Chrome, mostly used by Google employees logging into their systems
… But it wasn't used much by other browsers
… We contributed it to FIDO, it became Universal Second-Factor Authentication. Then more orgs came on board. Now we have PassKey.
… It took contributing our IPR into a standards org to bring those others in, to implement in browsers.
… Now it can be cross-platform, a broad-based product. OS X, Android, etc
… Now people can be signing into web sites without having to know what a password is.
… It takes open standards, to get the critical mass to actually deliver these ubiquitous technologies
Rachel: Anything dealing with communication, services, etc., it will not be possible to have this mass impact without the Web.
… I think proof is the pandemic; we can do remote work.
… These possibilities are not possible without the Web.
Karen: Question for JohnBradley: is that (business) case you described documented somewhere?
… This morning and yesterday we heard from W3C members that it's hard to describe the importance of standards in their organizations.
… So where do we keep these stories?
JohnBradley: There is a movie... Not sure if it's documented in a way that could be useful here
… Certainly not a unique case.
Karen: People don't know it; need to know more.
… Are you able and willing? Some companies don't want it to be known, it's their secret sauce... Don't want the standard promoted through their org.
JohnBradley: Mostly our products are built on open standards.
… We're happy to talk about it.
… A little different with open-source vs. proprietary software.
Rachel: [Slide 2 / Question 3]
… Do you need open standards to develop a new product? is this a best practice?
<Rachel> Are there any specific examples where adopting an open standard helped your team create a more successful product or service?
JohnBradley: depends on what you're doing. In some case, fleshing out the idea, getting critical mass, and then turning it into an open standard... like we did in U2F... many things go from proprietary tech to open standards.
… Most businesses are interested in making money. So the product itself may not be built entirely built on open standards; it may be built on many open standards.
… e.g. Facebook is built out of Web components
… Generally there is some proprietary-ish thing sitting on top
… Can go either way, or both.
WoChang: Also coming from multimedia side; we have a lot of multimedia/entertainment business models.
… Going back to cell phones... How to use open standards to create useful products, it's tricky... a lot of underlying plumbing is already in, but integrating into a useful product is challenging.
… Anyone can integrate it, but making it easy to use is very challenging.
… to be useful for the end-user
JohnBradley: I worked for a company... that compressed video to put it on the internet, in real-time, to do what became streaming.
… They contributed their tech to the motion pictures interest group, that became MPEG
… Because it was a standard, it could be implemented without plugins
… It was proprietary, but then in order to expand, they needed to open it up.
… Royalties had to be sorted out.
… I remember having to go buy an MPEG codec for my browser. That was a big hurdle.
… Having the standard, opened up licensing, is how these more sophisticated applicatoins...
… Netflix couldn't exist without it
David: Hi, I'm David Turner, from FIDO alliance.
… I represent "critical mass" as "scale".
… If you want to have scale, you need to have standardized elements
… The opportunity to scale is where business opportunities come from.
… Facebook, LinkedIn... They couldn't get to scale if they weren't built upon the standardized infrastructure that is in place
… Someone else's business model was on that plumbing, but could not scale because doing it in a proprietary way.
… This pushes the opportunity to scale "up the stack"
Rachel: Allowing me to innovate my contents... rather than trying to figure out how to satisfy Web Accessibility
JohnBradley: Moving up the value chain.
Rachel: Yes. Often, we don't think about web accessibility being important.
… Next question (3)
<Rachel> How does your company use Open Standards in its products or services?
WoChang: To recap: I'm partly an organizer for the NSF and White House Open Technology Network
… We try to use semantic web
… But hitting some roadblock; some of the data owners may not be savvy about RDF, etc.
… We try to listen and learn to see how the open standard can benefit the product and services
… At the same time, what would be the missing gap to enable the data owner who may not be so savvy.
… I think this is a big opportunity for W3C. We have a lot of web tools. Really helping the data owner would be challenging but worthwhile
… Yesterday we heard about how to connect with the community to help get data/services to a wider audience; very important.
… We definitely would like to use open standards; but maybe there is some gap, where W3C could help fill in
… So the government can utilize more of the web tech to push our data out.
Rachel: Seems to be a lot of training and awareness
WoChang: From tech side, we have RDF, SPARQL, etc. From the other side, it's too complicated.
… If somehow W3C can open up an easier way for people to integrate, on the backend still have many tools... but how to help the regular data owner to inject their data into the bigger audience.
Rachel: I think a lot of people are looking for that; not an isolated problem.
MarieJordan: I wanted to answer question #4. I'm Marie Jordan from VISA; payments are critical for us; every bit relying on standards and global interoperability
… Web standards, FIDO authentication... critical; global standards makes it easier.
… Regional standards and global standards both: increased cost of adoption.
… Innovation component, interop component, and cost/benefit.
JohnBradley: Example, U2F contributed to FIDO, developed into FIDO2, becomes WebAuthN, becomes part of Web Payments, 3D Secure...
… Next thing you know you can use a FIDO credential to make a VISA transaction
… Not just one standard; they are layered
MarieJordan: Exactly
JohnBradley: Looks like magic, but took years and years.
Rachel: Open Standards allow better collaboration.
… Next question (5)
… How do you explain to colleagues and others about the value of open standards?
JohnBradley: I don't know if product managers are the best place to advocate open standards. You have to start lower in the stack; engineering.
… People like making their lives easier using standards and pre-existing components
… Going to a product manager and saying this MPEG4 is a great open codec... How is that going to make more money?
… After it's already done, then you can talk to the PM and say we did this.
… But I don't know if a PM would... I think it's the wrong level... but I could be wrong...
Rachel: Do we need to educate them?
JohnBradley: I don't know if it's their job
… The benefits have to exist in the organization
… Might not get anywhere unless those under them have it in their heart
David: The business case must be clear. Can you prove time-to-market?
JohnBradley: You have to quantify it into a benefit
David: Occasionally it may be a business thing, to not be left behind, or to get ahead of, competitors
JohnBradley: Also a board-level thing... other pressures in the other direction.
David: All business questions.
… It has to be translated to the PMs as a business opportunity/risk rather than a technical one.
Rachel: Changing gears... [Slide 4]
JohnBradley: Hmm, guaranteeing more reliable... open to question
David: Easily understood by consumer? No...
Rachel: You don't think, e.g. if I see a rice coacoa, you see the standards, that gives a sense of trust?
JohnBradley: Do people really buy things based on the sticker? I don't think so...
David: Maybe things like WiFi logos.
<Rachel> "Developing open standards helps innovation by allowing different parties to build products that work together, allowing for a more open and interoperable market, leading to increased competition and innovation. Standards also ensure that products are reliable and can be easily understood by consumers."
David: From a user standpoint, I don't think they guarantee that
JohnBradley: Anyone can take an open standard and make a crap implementation of it.
… TLS, OpenSSL
… NIST has FIPS conformance suite for security devices
… On top of open standards, you also need something... standardized conformance tests
… As director of OpenID Foundation... we work with financial institutions... Open Banking.
… Working with other countries, developing conformance tests banks must run, the law says they must pass to be able to be considered open/interoperable to meet the banking limitations
Rachel: Adherence to standards... It's not the standards fault if it's not reliability
JohnBradley: It helps with the higher level tasks. But can still have bad implementations. So need a conformance test
Kodajima: Daisuke Kodajima. How can use open source?
JohnBradley: Different question
… In some cases makes sense
… Many take our open source components...
… We don't actually make money selling libfido2
… Our position on open source is that we contribute to and manage those so that people can purchase our paid products to get value out of them.
… Others do differently. e.g. RedHat model, Android is open source except where it is
… WebAuthN isn't available in open source Android. You didn't know that?
… An Android phone from Huawei that isn't AOSP-licensed doesn't have WebAuthN. Also Amazon devices...
… How to navigate it, and still make money, is a challenge.
Rachel: In a working group, there is a lot of use case exploration; then there is some testing of implementations; that will move candidate recommendations to the next step...
… Because people are sharing, you can learn so much, in the working groups.
… This is my take on it... In a WG you hear from very different perspectives; e.g. somehow looking from the graphics point of view, totally different from your focus; then someone looking at it for accessibility.
… That opens your mind
JohnBradley: As a company, you have to be mindful that WGs have IPR policies
… If you contributed, depending on the WG, you may not able to assert your patent anymore.
… Different WGs have different policies. Most is mutual non-assert.
… If you assert.... mutual destruction.
… Advantage is nobody has to do a patent search
Rachel: This area is somewhat well-understood
JohnBradley: Not so much, in W3C... Everyone knows it exists, but participants might not know the details.
Rachel: [Slide 5 / Question 1]
… Do you have a favorite Web Standard?
JohnBradley: My favorite standard is Token Binding
… I didn't say it was successful...
… Best part of being in a web standard working group: conviviality of individuals working on a shared goal
<Rachel> Do you have a favorite Web Standard? What is the best part of being on a Web Standard Working Group? Why did you decide to join a Web Standard Working Group?
JohnBradley: Why did I join...? It just sortof happened.
David: Because I asked you to join.
JohnBradley: Somebody inside the US government told me I needed to, otherwise I wouldn't have a job. So it sounded like a good idea. Then it sortof got out of control. 27 RFCs later.
WoChang: I like CSS, because that part enables control of presentation
… People go above and beyond, putting a lot of creativity, OpenUI, etc.
… Having a lot of control over web content presentation; very vital
… I think CSS is very cool and direct for the developer
… Right now I have more interest in the data aspect. We heard about RDF-STAR and knowledge graphs.
… Not only for my agency, but also other federal agencies, we shared about our experience... The program manager, helping the team... How can we as a government entity, showcase the tech and help other agencies see how the deliverable is applicable.
… We all want to push our data out for consumers to use. In that kind of setting, to learn from eachother. I would push the data owner, rather than product manager, to help utilize the web tech.
Rachel: Very good insight, comprehensive explanation.
… [Slide 6]
… [Slide 7]
… Do you think open innovation ever existed - in your experience, does it work / does it make sense?
JohnBradley: I honestly don't know.
<Rachel> "Open innovation is the process of incorporating external ideas and intellectual property into a company's innovation process. It is based on the principle that companies can no longer rely solely on their internal resources to develop new ideas and products. Instead, they must actively seek external sources of inspiration and collaboration. This process can include tapping into the knowledge base of customers, suppliers, and othe[CUT]
JohnBradley: Using open standards and contributing to open source... I guess being open to those things helps some companies innovate.
… I'm not sure about touchy-feely crowdsourcing things.
<Rachel> What motivates you to work on products that are open-sourced? How do you decide which products to open source? What challenges have you faced when working on open-sourced products? Why do you think openness is essential in product development? Do you think closed sourcing will become obsolete in the future?
WoChang: In my lab, we have internal R&D. In NIST, in what we do we want to have alignment with SDOs. We look to emerging technologies - do they have a standard?
… We care about open standards. Looking at open innovation; to me it's about how to make potential open standards-based tech.
… Open innovation definitely has a strong base in the open standard aspect.
… Hopefully will have benefits for everybody.
… What will be the future standard? How can we bring it into our standard development?
Rachel: Not just open source, but a gateway to the future.
… Next idea: Sharing knowledge, ideas, data and code. When you share, you gain. How do you manifest that? How do you feel about that?
… Do you think it's important to share knowledge and code?
<Rachel> "Sharing knowledge, ideas, data, and code helps innovation because it allows collaboration and creativity. When people can share their thoughts and work together, they can develop new and better ways to solve problems. Additionally, by sharing code, companies can save time and money by not having to reinvent the wheel every time they want to create a new product or service."
DavidE: From my experience, there's a term "technical debt"
… Two sides to software: "I want to build software" vs "I want to buy a product"
<Rachel> What are your thoughts on sharing knowledge, ideas, data, and code? Why do you think it's important to share information? How has sharing knowledge, ideas, data, and code helped you innovate? Do you have examples of when sharing knowledge, ideas, data, and code has led to a successful product? What would you say to people who are hesitant to share knowledge, ideas, data, and code?
DavidE: If I buy software from a company that does not share / use open source, I'm buying into their technical debt; they can drag me down.
… In my industry we have a lot of mergers/acquisitions. A lot of systems have to work together; otherwise has to be torn down.
… Convenience retail industries. Gas stations. 150,000 locations in the US. Many also in Canada, Europe and South America.
… Those stories are owned - half of them in 1s and 2s; the other half is hundreds.
… All of these people depend on not being saddled with technical debt.
… That's the end-user perspective. But it affects the software company too.
… If you're building software and creating technical debt, what happens when your genius engineer quits?
… If you are that engineer, you think won't happen to you. What if your coworker quits?
… In general, sharing knowledge and ideas lifts all boats
JohnBradley: makes almost everything better. you have to be organized about it, understand supply-chain issues.
… Think Solar Winds. A component further down the supply chain; maybe not the one you're integrating, but integrated by them, may cause issues.
… You have to know all the open source components. Have a good understanding of the security properties, maybe your own audits. Also have the risk of those projects maybe not continuing.
DavidE: We focus on the interface level, not the component level.
… In solar winds, they fooled the development system.
… The standards we promote don't involve compiling code; they are about how you share the info.
JohnBradley: generally not what most people think of as open source. may include products by other people
DavidE: there are strategies for understanding
JohnBradley: strategies not often followed by people whipping out open source projects. which projects, who are they developed by.... need to do your due diligence
Rachel: Need support.
JohnBradley: To include in Windows, they need to do a lot of due diligence.
… Because if something bad happens, people will go after them (Microsoft)
WoChang: first question, very dear to me, sharing knowledge, data and code. John and David used the word scalability. I can share data...
… FAIU principle
… I can share the data, but interoperability, usability, are hard problems
… If you scale, it's not easy
… How can you scale so that anyone can share?
… I hope W3C can think about it from this perspective. Data becomes more available and valuable; how can you tap into it to make knowledge? Critical components for industry.
Rachel: Running out of time. More than anticipated. Closing session. Thank you Charles for scribing. Thank you Zoom audience.
… Thank you for sharing