decentralized-id.github.io/_posts/web-standards/w3c/2020-11-09-w3c-history.md

123 lines
19 KiB
Markdown
Raw Normal View History

2020-11-23 12:35:59 -05:00
---
date: 2020-11-09
title: W3C History
description: An international community that develops open standards to ensure the long-term growth of the Web.
excerpt: "First started as an IETF application area at the beginning of 1990, the Web standard stack, given its foreseen volume and applicative nature on top of the Internet protocols, quickly spun off its own forum. The W3C then laid the foundations of the Web with the development of HTML 4 and XML at the end of the last century. It still works closely with IETF today, on the HTTP or URL specifications and in other areas of common interest (e.g. crypto, security, video)."
layout: single
permalink: web-standards/w3c/history/
canonical_url: 'https://decentralized-id.com/web-standards/w3c/history/'
categories: ["Web Standards","History"]
2020-11-27 19:19:32 -05:00
tags: ["W3C","OAuth","Microsoft"]
2020-11-23 12:35:59 -05:00
header:
image: /images/w3c_banner.webp
teaser: /images/w3c_teaser.webp
last_modified_at: 2020-11-22
---
**[World Wide Web Consortium(W3C)](https://www.w3.org/) • [Twitter](https://twitter.com/w3c) • [GitHub](https://github.com/w3c) • [LinkedIn](https://www.linkedin.com/company/w3c/)**
* [ICANN WIki](https://icannwiki.org/W3C)
> First started as an IETF application area at the beginning of 1990, the Web standard stack, given its foreseen volume and applicative nature on top of the Internet protocols, quickly spun off its own forum. The W3C then laid the foundations of the Web with the development of HTML 4 and XML at the end of the last century. It still works closely with IETF today, on the HTTP or URL specifications and in other areas of common interest (e.g. crypto, security, video).
## Consortium
> The [World Wide Web Consortium (W3C)](https://www.w3.org/Consortium/) is an international community where Member organizations, a full-time staff, and the public work together to develop Web standards. Led by Web inventor and Director Tim Berners-Lee and CEO Jeffrey Jaffe, W3C's mission is to lead the Web to its full potential.
### [Mission](https://www.w3.org/Consortium/mission)
> On 29 August 2012 five leading global organizations jointly signed an agreement to affirm and adhere to a set of Principles in support of The Modern Paradigm for Standards; an open and collectively empowering model that will help radically improve the way people around the world develop new technologies and innovate for humanity. Learn more about OpenStand: the modern paradigm for standards.
### [Facts](https://www.w3.org/Consortium/facts.html)
> In 1989, Tim Berners-Lee invented the World Wide Web (see the original proposal). He coined the term "World Wide Web," wrote the first World Wide Web server, "httpd," and the first client program (a browser and editor), "WorldWideWeb," in October 1990. He wrote the first version of the "HyperText Markup Language" (HTML), the document formatting language with the capability for hypertext links that became the primary publishing format for the Web. His initial specifications for URIs, HTTP, and HTML were refined and discussed in larger circles as Web technology spread.
### Early Early
* [Web Design Issues - Identity](https://www.w3.org/DesignIssues/Identity.html) Tim Berners-Lee 1998
> Identifiers - what is identified?\
> When XML is used to represent a directed laballed graph which is used to represent information about things, then one must be able to make statements about parts of an XML document, parts of the DLG (such as RDF nodes) and of course the objects described.
The Platform for Privacy Preferences 1.1 (P3P1.1) Specification
* [Identity Interoperability](https://www.w3.org/2005/Incubator/webid/wiki/Identity_Interoperability)
> TimBL's diagram at TPAC2012Over the years many different authentication systems have been developed. Each one proposes a method for an agent to prove his relation to an identifier - called a Principal. A Principal is a string that can be mapped to a URI, that usually refers to some network resource, which itself can then be linked to a subject. An LDP authorization system may authenticate agents that are allowed access to a resource using different types of Principals. This page lists a number of ways Authorization agents can prove identity of an agent using one Principal, with an ACL that may be using a different type of Principal. The aim is to gather such examples together in order to find an general theory that underpins these proofs.
* [The Platform for Privacy Preferences 1.1 (P3P1.1) Specification](https://www.w3.org/TR/P3P11/)
> This is the specification of the Platform for Privacy Preferences 1.1 (P3P 1.1). This document, along with its normative references, includes all the specification necessary for the implementation of interoperable P3P 1.1 applications. P3P 1.1 is based on the P3P 1.0 Recommendation and adds some features using the P3P 1.0 Extension mechanism. It also contains a new binding mechanism that can be used to bind policies for XML Applications beyond HTTP transactions.
* [Identity Definitions in the P3P Specification](https://www.w3.org/P3P/2003/09-identifiable.html)
* [Identity Rights Agreements and Provider Reputation](https://www.w3.org/2005/Security/usability-ws/papers/26-idcommons/)
> IDENTITY COMMONS Position Paper Kaliya Hamlin, Identity Woman & Identity Commons Phillip J. Windley, Brigham Young University Aldo Castaneda, The Story of Digital Identity
>
> Abstract: While decentralized, user-centric identity systems provide hope that useful, secure identity systems may be possible on the Internet, ensuring that user data is protected in these system requires more than a technical solution. In this paper, we describe a project underway at Identity Commons to create a framework within which users can express their protection preferences (called identity rights agreements). Part of this project will establish a reputation system for identity providers and relying parties that engenders trust and lowers user risk.
### [W3C Workshop on Identity in the Browser](https://www.w3.org/2011/identity-ws/report.html) 24/25th May 2011, Mountain View (USA)
> Over the last ten years, for most end-users there has been no visible progress beyond cookie-managed usernames and passwords entered via HTML forms. Current password-based logins offers little value to the end-user, as they are forced to bear the onerous responsibility of remembering too many passwords or simply re-using low-security passwords.
>
>As passwords and cookies are easily compromised, both web-site operators and users then expose themselves to massive security breaches. Despite the large amount of valuable standardization work on identity, it is unclear how user agents such as Web browsers can interact with both identity-consuming applications and server-side federated identity services, and many current identity specifications either assume or underspecify secure authentication in the browser. The key missing component to enable trusted identity on the Web is likely then to be found in user-centric cross-browser standards for secure authentication and session management.
[Position papers](https://www.w3.org/2011/identity-ws/papers.html) • [Download all papers](https://www.w3.org/2011/identity-ws/papers.zip) as a ZIP file.
* [Identity in the Browser: Easy Wins and Guiding Principles](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_52.pdf) by Naveen Agarwal, Miranda Callahan, Tyler Close, Travis McCoy, Chris Messina, Glen Murphy, Dirk Pranke (Google)
* [National Strategy for Trusted Identities in Cyberspace - Requirements and Potential Use Cases](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_21.pdf) by Peter Alterman (NIH)
* [A Vision for Browser-Assisted Web Authentication](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_43.pdf) by Siddharth Bajaj, Slawek Ligier (Symantec)
* [The Chained Identity Systems of Online Entertainment](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_14.pdf) by Wendell Baker (Yahoo!)
* [Identity in the Platform - Thinking Beyond the Browser](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_26.pdf) by Dirk Balfanz (Google)
* [Web authentication is deeply flawed, and it is time to fix it](https://www.w3.org/2011/identity-ws/papers/bichsel-raggett-wenning.html) by Patrik Bichsel, Dave Raggett and Rigo Wenning
* [Considering Browsers' Role in a User-Centric Online Identity Ecosystem: Privacy and Context](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_24.pdf) by Aaron Brauer-Rieke (Center for Democracy & Technology)
* [Expression of Interest - Improving Identity Management on the Internet](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_12.pdf) by David W Chadwick, George Inman, Kristy Siu (University of Kent)
* [NSTIC, Privacy and Social Login](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_48.pdf) by Francisco Corella, Karen P. Lewison (Pomcor)
* [Tailored Signatures with DOSETA](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_1.pdf) by D. Crocker (Brandenburg InternetWorking)
* [AuthenTec Online Open Authentication](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_34.pdf) by Vito Fabbrizio, Greg Kerr (AuthenTec)
* [Account Management: A Deployment and Usability Problem](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_10.pdf) by Phillip Hallam-Baker (Comodo Group)
* [Empowering Individuals with Tools to Manage Their Personal Data for the Identity in the Browser](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_54.pdf) by Kaliya Hamlin, Mary Hodder (Personal Data Ecosystem Consortium)
* [Federated Browser-Based Identity using Email Addresses](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_25.pdf) by Mike Hanson, Dan Mills, Ben Adida (Mozilla)
* [The Chicken, the Egg and the Rooster: Why Internet Identity is Still Unsolved](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_46.pdf) by Dick Hardt
* [Identity as a Platform Service](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_9.pdf) by Sam Hartman (Painless Security), Josh Howlett (JANET(UK))
* [Looming private information fiasco versus the new cloud business model: The next generation will ask "Where were you when this was going down?"](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_45.pdf) by Carl Hewitt
* [Identity in the Browser - Avoiding Common Flaws](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_37.pdf) by Brad Hill
* [Importance and Impact of Requirements on Technical Solutions for Identity](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_31.html) by Frederick Hirsch (Nokia)
* [Mobile Provided Identity Authentication on the Web](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_20.pdf) by Jonas Hogberg(Ericsson)
* [The Nexus of Identity](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_35.pdf) by Maryann Hondo, Mary Ellen Zurko, Matthew Flaherty, Paula K. Austel, Sridhar Muppidi (IBM)
* [How to Improve the Security around the Mobile User Authentication Process?](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_6.pdf) by John Hwang (Neustar)
* [Evolution of Identity in the Face of a New Lightweight Web Services Paradigm Shift](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_56.pdf) by Phil Hunt (Oracle)
* [The Emerging JSON-Based Identity Protocol Suite](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_30.pdf) by Michael B. Jones (Microsoft)
* [Identity Security within Web Browsers](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_8.pdf) by Kevin Jones, Narm Gradiraju, Jack Matheson (Intel)
* [Selected issues with web identity mechanisms and a possible way forward](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_18.pdf) by Vladimir Katardjiev, Goran Eriksson (LM Ericsson AB)
* [Identity in the Federal Learning Registry](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_27.pdf) by James Klo, Marie Bienkowski (SRI International)
* [Goals, Constraints, and Issues for Identity in the Browser](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_2.pdf) by John Linn (RSA/EMC)
* [Browser Personas: Towards a Reasonable Middle Ground](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_40.pdf) by Ben Livshits (Microsoft)
* [Backplane Protocol and Identity Scenario](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_49.pdf) by Brian Mcginnis, Johnny Bufu, Vlad Skvortsov (Echo)
* [Privacy Delegate: a browser-based tool for privacy self-management in social networks](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_19.pdf) by Miguel A. Monjas, Jose M. del Alamo, Juan-Carlos Yelmo, Jonas Hogberg (Ericsson)
* [Browser support for identity federation with many identity providers](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_29.pdf) by RL "Bob" Morgan (University of Washington, InCommon)
* [Reparing HTTP authentication for Web security](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_36.pdf) by Yutaka Oiwa, Tatsuya Hayashi, Boku Kihara (AIST)
* [Bridging the Disconnect Between Web Privacy and User Perception](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_38.pdf) by Mike Perry (The Tor Project)
* [Improving password managers and multidevice synchronization](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_47.pdf) by Yngve Pettersen (Opera Software ASA)
* [Two-factor Authentication for the Cloud](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_11.pdf) by Anders Rundgren (PrimeKey Solutions AB)
* [The WebID Protocol & Browsers](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_22/webid.html) by Jeff Sayre, Henry Story
* [Thoughts on Trust Infrastructure, User Interface, and Legal Issues](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_50.pdf) by Stephen Schultze (Princeton University)
* [Statement of Interest and Requirements for W3C Workshop on Identity in the Browser](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_33.pdf) by Dan Schutzer (Financial Services Roundtable/BITS)
* [Do you know who I am?](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_51.pdf) by David Singer (Apple)
* [Building the Legal Framework for Browser-Enabled Identity](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_39.pdf) by Thomas J. Smedinghoff (Wildman Harrold, Allen & Dixon)
* [A WebID Implementation in Pure JavaScript and Flash](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_7.pdf) by Manu Sporny, David Longley, David I. Lehn, Mike Johnson (Digital Bazaar)
* [Identity in the Browser: Putting the Cart Before the Horse](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_55.pdf) by Andy Steingruebl, Jeff Hodges (PayPal)
* [A usable identity management system for the Digital Public Space](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_17.html) by Olivier Thereaux, Mo McRoberts, Richard Northover (British Broadcasting Corporation)
* [On OIX and NSTIC](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_53.pdf) by Don Thibeau (OpenID Foundation, OIX)
* [Digital Identity in Perspective](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_57.pdf) by John Tolbert (The Boeing Company)
* [Identity In The Browser at 5. Lessons Learned](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_41.html) by Paul Trevithick (Azigo)
* [Browser Support for the Open Authorization (OAuth) Protocol](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_32.pdf) by Hannes Tschofenig, Barry Leiba, Blaine Cook, Rob van Eijk
* [The Need for a Web Security API](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_28.pdf) Sean Turner (IETF Security Area Director), Stephen Farrell (IETF Security Area Director), Peter Saint-Andre (IETF Applications Area Director)
* [Server Authentication with DNSSEC](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_3.pdf) by M. Vanderveen
* [Browser Assisted Identity Management](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_15.pdf) by Yu Wang, Aanchal Gupta (Yahoo!)
* [Position paper from Netflix, Inc.](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_23.pdf) by Mark Watson, Mitch Zollinger, Wesley Miaw (Netflix)
* [GSS-REST, a Proposed Method for HTTP Application-Layer Authentication](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_16.pdf) by Nicolas Williams (Cryptonector)
* [Consumer Third Party Authentication: Challenges and Potential Solutions](https://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_42.pdf) by Craig H. Wittenberg (Microsoft)
### And beyond
* [A draft charter of Web Identity](https://www.w3.org/community/webcryptoapi/2011/10/05/a-draft-charter-of-web-identity/) Channy Yun - Posted on: October 5, 2011
> The W3C has prepared Web Identity working group and make a draft charter. As following is main track for works.
* [ISSUE-17: Identity, Agent, Person, Persona, Account etc. need clarifications](https://www.w3.org/Social/track/issues/17)
> As for today we don't seem to have clear strategy on how to define and use Online Identity related concepts.
* [WebID](https://www.w3.org/wiki/WebID) - W3C Wiki
> The W3C is still exploring better ways to do authentication, for example in the [2014 workshop on authentication](http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/Overview.html). The WebID is a Community Group, and anyone can start a Community Group. A Community Group does not necessarily reflect the endorsement of the W3C, but we encourage grassroots communities to experiment with technology that may become a future standard.
* [USER IDENTITY ON THE WEB COMMUNITY GROUP](https://www.w3.org/community/w3id/)
> Currently, more and more services are created on the web and require information about you, me, all of us. Therefore, users have to give away a lot of information about themselves to many different services. The point is that the users lose control of their identity on the web, by filling a lot of forms (e.g., through subscriptions). Privacy on the Internet is extremely important and must remain. Personal information is used by services we, sometimes, don't even know about, and it is a real problem. The aim of this group would be to think about new ways to identify individuals over the internet using trusted web based identities embedded directly into the core protocols of the web. At the same time it is important to maintain equilibrium between total privacy and providing information when needed, which means, when the user wants to.
* [The Story of Open SSI Standards - Drummond Reed/Evernym - Webinar 1](https://ssimeetup.org/story-open-ssi-standards-drummond-reed-evernym-webinar-1/) • [Youtube](https://www.youtube.com/watch?v=RllH91rcFdE) • [Slideshare](https://www.slideshare.net/SSIMeetup/self-sovereign-identity-ssi-open-standards-with-drummond-reed)
> Drummond Reed, Chief Trust Officer at Evernym and Sovrin Foundation Trustee, features in our first Webinar "The Story of SSI Open Standards" by giving us the background on the foundation of Self Sovereign Identity.