[standards-jig] On documenting the use of other technologies

Robert Norris rob at cataclysm.cx
Tue Sep 3 03:29:29 UTC 2002

I've just a conversation with Ryan about the usefulness of the SASL JEP
(34). His contention was that the JEP does not provide enough
information about SASL for developers to implement it.

Now, while I agree that SASL is not widely understood, is it really our
place to inform developers on how a particular technology works? The
SASL JEP cleary states in the introduction that a reader should have a
clear understanding of the SASL RFC (2222) before reading. The reason
for this is simple - JEP 34 is not a standalone document, but is a part
of the larger framework defined in RFC 2222.

The obvious argument to this is that as a developer, I should have to
understand the details of a technology in order to use it. I agree with
this point, and would say that that it what libraries exist for.

We don't, for example, provide this information for SSL, instead simply
defining how SSL is used within Jabber. SSL/TLS is more widely deployed
and understood, but why should this make a difference? We expect some
basic knowledge from the developer on what SSL is, and what it is used
for, and trust the the developer can find more information as they need
it. Why should SASL, or any other technology, be any different.

This kind of information is not particularly difficult to find, either -
the second result from a Google search for "sasl" points to the Cyrus
SASL library, which I understand to be the most commonly-used SASL
library available.

Of course, as protocol designers, it is important that we produce things
that are not difficult to implement.

So, do people think that it is necessary that some sort of "implementors
guide" be written? While I agree that such a guide may be useful, the
information that it would contain is readily available in a number of
places, not least of which is the SASL RFC itself.

And if it is considered a good idea to provide such a document, why
should we or shouldn't we also provide similar documents on other
technologies we make use of (SSL, XHTML, even XML)?


Robert Norris                                       GPG: 1024D/FC18E6C2
Email+Jabber: rob at cataclysm.cx                Web: http://cataclysm.cx/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20020903/1bbe63d1/attachment.sig>

More information about the Standards mailing list