Off-topic: Re: Comments on Auth 2.0 - Pre-Draft 11

[Josh Hoyt]

On 12/14/06, Joaquin Miller <joaquin at netmesh.us> wrote:
>> I have changed that text from "needs to" to MUST, although I think that the
>> sentence before that (The end user's input MUST be normalized into an
>> Identifier) is pretty unambiguous.
>
>  I feel this is an excellent change.  This style should be followed
> throughout.
>
>  The problem with 'needs to' and 'MUST' in the same document is that it
> leaves the reader this little puzzle to puzzle over:  What is the normative
> difference between 'needs to' and 'MUST'?  Why is 'needs to' used here and
> 'MUST' there?  Is 'needs to' weaker than 'MUST'? Is 'needs to' stronger than
> 'SHOULD'?

I doubt that the "needs to" wording would have ever caused any
problems with implementation. The sentence before states that you MUST
normalize the input. The "needs to" was describing a condition that is
necessary to check in order to perform the normalization. Anyone who
was attempting to implement the normalization algorithm would see that
it is necessary to determine the type of the input before continuing.

I think that words like MUST and SHOULD are not necessary when
describing how to do something whose importance has already been made
clear (by a MUST, etc.). I have a hard time reading prose that uses
those words excessively, because if they are over-used, they become
noise ("you already said I MUST normalize").

Anyway, I think the OpenID 2.0 Authentication specification is pretty
consistent about using the appropriately strong wording when it's not
already clear whether something is required, so I think this
discussion is mostly academic. Feel free to make requests if there are
specific parts whose compliance is not obvious.

Josh