Ownership and "cross-licensing" of protocols by working groups

Jari Arkko jari.arkko at piuha.net
Tue Oct 7 17:33:18 CEST 2003 

Yes, I've felt the same problem as Charlie has. And
I'm now more cautious about using components from other
WGs than I used to be. I would add that even if
the other WGs would be very willing to co-operate,
the chances are that there's a schedule mismatch.
The extensions would be needed sooner than they
can be delivered.

However, I think the solutions for this problem are harder
than you Charlie indicate. Like it or not the net is
getting more complicated. We have more applications.
We have infrastructure components such as various kinds
of agents, AAA servers, security devices, and so on.
We have more transport services and associated security
mechanisms to go with them. There is *bound* to be more
interactions between the various pieces.

And the world is bigger, with more SDOs than we had to deal
with before. Pretty much everything runs over IP, so its no
wonder we'll have to deal with various needs to build new
things on top of IP.

I can see several issues associated with this situation:

  - Interactions with the results of some other WG, or IETF->SDO
    dependencies are not inherently bad. A well-designed dependency
    is a good thing. But you have to have a good design, its bad to
    depend on all sorts of other stuff that isn't strictly speaking
    essential.

  - One way to measure whether you are having a good dependency
    is to ask whether you are expecting a lot of modifications
    to the protocol that you depend on. If no, its good. If yes,
    its bad. If the protocol needs some new general purpose
    extensions (many of the SIP extensions needed by 3GPP were of
    this sort), this can be still be OK. But if you are starting to
    need specific support for your application, you are on thin ice.

  - If you find that the thing the other WG has developed does
    exactly match your requirements, it may be a good idea to
    design your own.

    Of course, we need to apply some common sense with this
    rule. If we need some small feature to a large, co-operating
    set of protocols (SIP + RTP + SDP, etc to give one example),
    designing your own set of protocols may not be wise.

    On the other hand, you might be better off developing your
    own (even if tweaking an existing component is possible) if
    it would create many new dependencies or APIs. We
    had this case with SEND and AH; it would have been
    possible to use AH but it would have resulted in quite SEND-specific
    AH extensions as well as a number of internal APIs that would
    have been needed. So we decided to build our own authentication
    scheme for SEND instead.

So, here's my tentative set of rules to follow:

R1. REUSE. Where a component exists (or is being developed) by someone
     else, and it matches your requirements, always reuse that component
     in your design.

R2. FOLLOW THE RULES. You must follow the component designer's rules
     (e.g. SIP RFC) when using the component in your own system.

R3. DO NOT TWEAK. If there is no component that exists and suits
     your requirements exactly, you should in most cases develop
     your own mechanisms.

R4. PRODUCE GENERAL RESULTS. In your own work, ensure that what you
     do is readily usable in many environments without a need for
     extensions.

R5. LEAVE ROOM FOR OTHERS (corollary of R4). Don't try to solve
     everything. Your component should perform a function, and deliver
     some information to the layers above. Don't dictate what the
     layers above do. A good example to follow here is TLS, it
     performs a communications security function and delivers
     some information about the endpoints to the application layer.
     The application layer can still make use of that information
     in some application specific way, e.g., match the TLS identities
     to application layer identities.

R6. EXPLICIT APPLICATION RULES. Make it very clear what others
     can and can not do with your protocol components. Can they
     add header fields? Can they specify a particular algorithm
     for deciding when to initiate a specific event?

     We pretty much have IANA considerations in all protocols
     by now, which is good. We also have more specific extensibility
     documents, a good example is the SIP document which talks
     about the process for adding new header fields. (I like the
     fact that such a document exists, I'm not sure if the IETF
     went overboard with the strict requirements for adding header
     fields.)

     We also have some protocol applicability statements, which should
     tell whether the component can be applied in the situation that
     you think of.

     This rule is particularly important when working with other SDOs.

--Jari

More information about the Problem-statement mailing list