Create a space for specs for proprietary protocols #380
Conversation
|
@rachelmyers can you sign the commits - the DCO checker isn't happy. |
|
Thanks @rachelmyers, et al ... for putting this together! |
|
Thanks for getting this started! In general, I'm very supportive of allowing people to choose the technology that works best for them. Working for an ISV, I'd like that our customers technology choices and ours can interoperate without either side having to jump through too many hoops. The fear that I have is that a given proprietary product will simply stop at defining a spec, and make no further attempt to interoperate with the rest of the ecosystem, but claim they support CloudEvents. The majority of the work of making interoperability happen hasn't been done. We could demand that, along with the spec, a working proof that their protocol can interoperate from and to a qualified protocol has to be submitted. The working proof must be independently verifiable. A simple verification is:
For a vendor/OSS org submitting a proprietary protocol, the preferred way IMO is that their product offers a qualified protocol out of the box. E.g. RocketMQ could implement the HTTP transport binding, and then one has a choice between their proprietary protocol and an interoperable protocol. In other words: There MUST be a reference implementation showing interoperability. It SHOULD be part of the main implementation of the protocol. It MAY be closed source if it is part of a proprietary product. @rachelmyers Do you think that is a fair ask from the people submitting a proprietary spec? |
|
ping @zongtanghu @duhengforever any comments? |
|
Not sure if we should require an implementation. But we may need some verifiable proof that the proprietary protocol is compliant with the CLoudEvents spec. |
|
@clemensv I believe you were going to add a comment here with a proposed middle-ground position - just a reminder... |
|
@duglin Sorry for the delayed reply due to the Chinese New Year holiday, and thanks for @cneijenhuis @cathyhongzhang @rachelmyers comments, we will dig into this further, and will comment in the next few days. |
|
I have no objection to us hosting specifications for protocols exclusively used by products that are "proprietary". My definition for "proprietary" here is that the protocol is exclusive to a product controlled by a single corporate entity or a single project consortium (which includes OSS project teams in Apache/Eclipse/etc). Whether the product implementation code and process is closed or open ultimately doesn't even matter, in my view. What matters to me is that everything that exists in the CloudEvents repository fulfills an interoperability purpose. A specification cannot fulfill an interoperability purpose, if
As a strawman, let me present the [Microsoft Message Queue (MSMQ)] protocol. MSMQ is proprietary and closed source. Based on the then effective MS/DOJ consent decree, Microsoft has fully documented the MSMQ protocol with an external auditor verifying completeness of the specification. The specification is available under the Microsoft Open Specification Promise, which grants patent rights. This checks off the first two boxes. Nevertheless, it's hard to see why anyone would create a clean-room MSMQ server or client implementation and then would then need a CloudEvents mapping for binding CloudEvents to that clean-room MSMQ implementation to ensure interoperability. Which means that MSMQ, in spite of having extensive and thoroughly audited wire protocol specification, wouldn't check the third box for me. A specification that doesn't fulfill the purpose of factually and verifiably enabling a party that is completely disassociated from the product/project owners to legally and independently implement the base protocol and the overlaid CloudEvents binding is in effect nothing more than a "name-drop" marketing document and doesn't belong into this repository. That does NOT preclude having a plain list in a place like the primer document that enumerates "products using CloudEvents" with links, but those products will not be able and should not be able to claim conformance with the interoperability specifications we develop here. Here's a rule proposal: The To ensure that such submissions fulfill a factual interoperability purpose, a CloudEvents binding for a protocol exclusively used by a single product/project MUST NOT be submitted and controlled by a party affiliated with (or compensated by) the owners of the project/product, and the binding MUST refer to complete, current, and publicly available wire-level protocol documentation and there MUST be clean-room reference implementation built on the specification and not sharing 1st party assets with the referenced product/project. For such a specification to be admissible, the protocol MUST also be free from license or patent royalty claims by the product/project owners. Should any of these conditions change for the conditions no longer be met, including through mergers or acquisitions, protocol revisions, or license changes, the specification MUST be removed from the CloudEvents repository. |
|
@clemensv The first two bullet points you mentioned make sense to me. The third one makes me wonder though.... is the question really one of intent, or is it more a matter of ability? No one can control whether someone else implements a spec, the best spec authors can hope for is to be open about it and hope other people adopt their work. Take CloudEvents as an example. If no one adopts it then despite us doing all of the right things w.r.t. openness, there might not be any implementations out there - but it's not proprietary. So, to me it's about whether people can implement the spec, not whether people have done so. However, even with that, I can't help but feel that we're veering some complex legalese with all of this. The 2nd paragraph of your proposal scares me and makes it sound like we're trying to protect ourselves from some serious maleficence - maybe we are :-) I don't know. But, if we end up with something that onerous then I tend to think that we should avoid the entire issue by just doing what you (and I think someone else mentioned on the call) and just allow for people to include a link to their spec from our repo rather than include the spec itself. Does anyone really want to revisit these specs periodically to make sure they still adhere to that 2nd paragraph? @rachelmyers what are your thoughts on this? |
|
@duglin @rachelmyers The second paragraph is indeed defensive in the extreme and to counter "stuffing the committees" attempts by players who try to open-wash their proprietary wares. We might not need to be quite as strict, but I wanted to put a stake in the ground on that side of the spectrum. |
|
All, on today's call we were not able to come to a decision so we're going do a vote. The choices are: We will use a ranked voting system ( https://civs.cs.cornell.edu/ ) so please indicate your vote by listing the three choices in your preferred order - you can choose to leave an item out of the list. E.g. 1,3 will mean you want "1" as your first choice, "3" as your 2nd choice, and do not want "2" or "4" at all. The following 21 entities are eligible to vote: Adobe, commercetools, ControlBEAM, Enterprise Holdings, Google, Huawei, IBM, Itau Unibanco, Microsoft, NATS/Synadia, Operiant, Oracle, PayPal, Red Hat, RSA, RX-M, SAP, Solace, Splunk, Vlad Ionescu, Tapani Moilanen The vote closes at the start of next week's call - 12pm ET. Please cast your vote by adding a comment to this PR. Note that none of these are a vote for this PR as-is. If either 2, 3 or 4 wins then this PR will be modified to align with the results of the vote. So this vote is more about setting our preferred direction rather than voting on the exact text of a proposal. |
|
commercetools: 4, 2, 3 |
|
Microsoft: 2, 1 |
|
SAP: 2,4,3 |
|
huawei: 4,2,3 |
|
IBM: 2,4,3,1 |
|
Google: 3,4,2 Our first choice is that people using and supporting CloudEvents in their own serializations and protocols be able to post that in this repo for others in the most lightweight way. Interoperability is about systems with different protocols all using a common serialization, CloudEvents, to interface with each other. Our second choice is 4, that any proprietary spec pass a basic conformance test. This isn’t my first choice because practically, when accepting a new spec, we won’t have that protocol running, or be allowed to run the protocol in order to confirm that the conformance tests pass. The conformance test is more of a tool for developers creating a new spec rather than an actual test that we can confirm. Our third option is that we collect a list of links to CloudEvent implementations. When all we have is a link, their spec could change or rot, and the link we have would stay the same. In practice I don’t think we would check and prune outdated specs as well as we would if they were immediately visible (and grep-able) in the repository itself. |
|
Adobe: 2, 1 |
|
Operiant: 2, 4, 3 |
|
Vlad: 2, 4, 1, 3 |
|
NATS: 2,4,3 In the interest of driving adoption/growth today, 2 seems to be lowest friction. Perhaps 4 could be added later as CE matures; verified protocols would be nice for end users. |
|
Itaú: 2, 4, 1 |
|
Oracle: 2,1 |
|
Tapani Moilanen: 2,4,3 |
|
Vote is now closed - official results will be posted soon... |
|
Raw votes: Converted into Condorcet input data: Resultsfrom https://civs.cs.cornell.edu/civs_create.html Option 2 (just a list of pointers to external specs) has won. @rachelmyers Can you please update the PR to align with that decision. Thanks to everyone for their patience and votes. |
rachelmyers
force-pushed
the
proprietary-specs
branch
from
3fd0fbf to
573d17e
Compare
proprietary_specs.md
Outdated
| current version of CloudEvents. That is the responsibility of | ||
| the respective project maintainers. | ||
|
|
||
| * [placeholder](to nowhere) |
There was a problem hiding this comment.
hmmm link checker doesn't like this one. Perhaps just have it point to itself?
|
Aside from the href check, LGTM |
Signed-off-by: Rachel Myers <rachelmyers@google.com>
Signed-off-by: Rachel Myers <rachelmyers@google.com>
duglin
force-pushed
the
proprietary-specs
branch
from
11d8585 to
b371ff6
Compare
duglin
force-pushed
the
proprietary-specs
branch
from
e5cdaba to
e6d52f6
Compare
Signed-off-by: Doug Davis <dug@us.ibm.com>
duglin
force-pushed
the
proprietary-specs
branch
from
e6d52f6 to
2f343cd
Compare
|
All, I pushed 2 new commits:
We approved this PR in the call yesterday (with the typo fix) but before I merge it can I get someone to look over my edits to make sure I didn't introduce any new typos? Then I can merge it once the CI is done. |
|
The CI failure of: is ok and will be fixed once we merge it. |
|
thanks @cathyhongzhang |
This PR proposes that proprietary protocols and encodings can submit specs to a new
proprietary_specsfolder. The specs are identical to specs for other protocols or encodings, with the additional caveat that include information about how widely it is used and for what use cases.It asserts that proprietary specs will receive less scrutiny because we will not maintain the spec. Because we are explicitly not maintaining proprietary specs, if, over time, they drift from CloudEvents, we can mark a spec as deprecated or remove it entirely.
This PR punts on important questions. For instance, if two, conflicting specs are submitted for the same protocol, CloudEvents doesn't want to arbitrate between them.
In other words, this PR puts almost all of the responsibility on the people submitting the proprietary specs.