WG15 N511 A Discussion Paper on POSIX Application Conformance UK BSI IST/5/-/15 (Posix) Panel 21-Oct-94 Executive Summary: This paper is, as its title suggests, an attempt to encourage debate on the perceived problem of POSIX application conformance - how to determine and to 'advertise' the fact that a particular application is suited to a POSIX platform. This paper is not a statement of position. Most particularly it is not a statement of a UK position. The UK POSIX panel has visited the question of application conformance a number of times and finds three arguments presented: . users - who typically want POSIX-compliance guaranteed with everything they buy. . vendors - who recognise the usefulness of POSIX as a support platform, and as a marketing lever, but don't want the expense of proving conformance. . 'standards professionals' (for want of a better description) - who believe their existing efforts are largely ignored by both users and vendors. The User's Problem: . The number of operating systems platforms purchased over any given period of time is dwarfed by the number of applications purchased to run on them. . The more widely accepted a particular operating system platform, the richer the set of available applications will be to run on it. These truisms are so obvious they are readily overlooked. POSIX is the basis of a widely accepted (family of) operating system(s). Users have specified requirements for POSIX systems, have found them and bought them. They have 'bought' the concept of future- proofing their investment in platforms and are looking for the applications which they can carry forward from the rich selection on offer ...then they become confused: they cannot identify POSIX-conformant applications from all the others. This view of POSIX from the user's angle is well put by Robert Smith, in his paper "The English NHS Requirement for Application Conformance Testing", (circulated by email as SC22WG15.363 and attached). The demand for POSIX applications conformance is largely user-driven, though it gains some support from the 'standards professionals' group. To summarise (accurately, I hope) the user's argument, WG15's effort in standardising POSIX will be still-born if it fails to address the user's need for identifying and 'classifying' POSIX applications. The Vendor's Problem: . There are solid business reasons for writing applications to run on a widely accepted operating system platform (or API). . There is keen competition between functionally-similar applications on the same platform: costs must be minimised to enhance the marketability of the vendor's own applications. POSIX platforms are popular; they offer a ready market for applications, but the cost of proving conformance could render the product uncompetitive. Equally, an application which uses only the POSIX family of APIs may be unattractively slower than a similar application which uses 'extensions'. Vendors argue that users are ultimately fickle beings: they claim that portability is their main concern, but will ultimately make a choice of application based on cost and efficiency - the extra cost burden of proving conformance will ultimately weigh against them. The Standards Professional's Problem: . A vast amount of effort has been and continues to be expended on conformance testing and certification for a wide variety of standards. . Even when those standards are in place, users fail to adopt policies which encompass those standards and thus move them towards conformance of applications. The 'Standards Professional' believes he is producing the standards that the task demands, but on the one hand vendors tell him that the cost of conformance testing is prohibitive, (especially for small, cheap applications), and on the other hand users fail to demand proof of adherance to the standards that exist. A Suggestion: A principle of engineering is that a triangular structure is inherently strong. The three-cornered stand-off described above is equally difficult to break; but common factors appear to be the cost and the difficulty of proving (vendors) and requiring (users) conformance. We need a cheap and easy solution. ISO/IEC 9945-1:1990 outlines (in Section 1.3.2) a set of four 'levels' of application conformance to the standard. The UK has proposed an additional level of 'Rigorous Conformance', (WG15 AI 9405-04), which is under consideration. One solution may be to register a set of 'trade-names' corresponding to these levels and to allow vendors to use these as 'badges' on their products. There would not necessarily be any requirement for proof of conformance to these levels, although first or third party testing would be encouraged (by the users). So how is the scheme policed, with no proof of conformance required? Peer vendor- and user-pressure may be sufficient here, in that where a user buys a product which fails to live up to the claims of the 'badge', he can approach the vendor and ask for some explanation of the shortcoming. If the explanation is inadequate the user can approach the 'trade-name' holder, who can, if he is not satisfied, require the removal of the 'badge' from the product. The user may then have a reasonable claim against the vendor, certainly in the UK, for selling a product unsuitable for the purpose. All comments, criticisms, suggestions and debate are welcome. A set of the email exchanges forming the background to this paper are available as UK P261.