This week, I’ve been at an IETF meeting in Quebec City, wrapping up the IETF NEA effort (getting NAC standards approved as IETF RFCs). Looking around the IETF, I see many well-intentioned efforts but I know from my 15 years of experience in IETF that few standards actually meet their goals. Why?

A successful standard solves a critical customer problem that requires multi-vendor interoperability. This translates into substantial customer demand for solutions that implement the standard, which equals money, which drives vendors to implement the standard. That’s the way things work in our economy. Standards must increase profits for customers and vendors alike.

A successful standard stays focused. Start with a few motivated customers and vendors. Write up a clear description of the customer problem you’re solving. Create a few use cases that explain how this standard will solve the problem. Now simplify. Agree on the most urgent part of the problem and the smallest use case needed to solve that problem. Put everything else in Future Work. You must start with a manageable success and build from there.

A successful standard stays simple. Come up with several designs that can solve the customer problem. Discuss them thoroughly. Understand that different people have different, valid perspectives. A standard must be viable for everyone. Still, avoid the temptation to allow many options. The best standard is one that’s easy to implement and use, always interoperable, yet extensible for future ideas and vendor innovation. Simplicity is the key.

A successful standard has growing support. If your standard truly solves a critical problem, it will attract more and more customers and vendors. This growth is essential. For an interoperability standard, Metcalfe’s Law applies, in slightly modified form: the value of a standard is proportional to the square of the number of products that implement it. This explains the cascading popularity of the telephone, email, the web, and other similar products. Push hard for adoption at the start. Create easy customer and vendor instructions for using the standards. Ensure that everyone knows about your successes, so that you can cross the chasm from early adopters to the bulk of the market.

I’ve been applying these lessons to the Trusted Network Connect (TNC) standards for the last few years. We started with a narrow focus on NAC. More recently, we’ve expanded to Secure Automation but we’ve kept our core standards simple. And this discipline has been rewarded. The number of customers requiring TNC standards in their RFPs is doubling every year. The number of products certified through the TNC Certification Program is doubling also. With their approval as IETF RFC 5792 and RFC 5793, the TNC standards have recently crossed the chasm and become a best practice for network security.

I hope that this advice will be useful to others. We could all use more interoperability!