decentralized-id.github.io/_posts/web-standards/w3c/2020-11-09-w3c-history.md

date	title	description	excerpt	layout	permalink	canonical_url	categories	tags	header	last_modified_at
2020-11-09	W3C History	An international community that develops open standards to ensure the long-term growth of the Web.	First started as an IETF application area at the beginning of 1990, the Web standard stack, given its foreseen volume and applicative nature on top of the Internet protocols, quickly spun off its own forum. The W3C then laid the foundations of the Web with the development of HTML 4 and XML at the end of the last century. It still works closely with IETF today, on the HTTP or URL specifications and in other areas of common interest (e.g. crypto, security, video).	single	web-standards/w3c/history/	https://decentralized-id.com/web-standards/w3c/history/	Web Standards History	W3C OAuth Microsoft	image teaser /images/w3c_banner.webp /images/w3c_teaser.webp	2020-11-22

World Wide Web Consortium(W3C) • Twitter • GitHub • LinkedIn

• ICANN WIki

  First started as an IETF application area at the beginning of 1990, the Web standard stack, given its foreseen volume and applicative nature on top of the Internet protocols, quickly spun off its own forum. The W3C then laid the foundations of the Web with the development of HTML 4 and XML at the end of the last century. It still works closely with IETF today, on the HTTP or URL specifications and in other areas of common interest (e.g. crypto, security, video).

Consortium

The World Wide Web Consortium (W3C) is an international community where Member organizations, a full-time staff, and the public work together to develop Web standards. Led by Web inventor and Director Tim Berners-Lee and CEO Jeffrey Jaffe, W3C's mission is to lead the Web to its full potential.

Mission

On 29 August 2012 five leading global organizations jointly signed an agreement to affirm and adhere to a set of Principles in support of The Modern Paradigm for Standards; an open and collectively empowering model that will help radically improve the way people around the world develop new technologies and innovate for humanity. Learn more about OpenStand: the modern paradigm for standards.

Facts

In 1989, Tim Berners-Lee invented the World Wide Web (see the original proposal). He coined the term "World Wide Web," wrote the first World Wide Web server, "httpd," and the first client program (a browser and editor), "WorldWideWeb," in October 1990. He wrote the first version of the "HyperText Markup Language" (HTML), the document formatting language with the capability for hypertext links that became the primary publishing format for the Web. His initial specifications for URIs, HTTP, and HTML were refined and discussed in larger circles as Web technology spread.

Early Early

• Web Design Issues - Identity Tim Berners-Lee 1998

  Identifiers - what is identified?
  When XML is used to represent a directed laballed graph which is used to represent information about things, then one must be able to make statements about parts of an XML document, parts of the DLG (such as RDF nodes) and of course the objects described. The Platform for Privacy Preferences 1.1 (P3P1.1) Specification

• Identity Interoperability

  TimBL's diagram at TPAC2012Over the years many different authentication systems have been developed. Each one proposes a method for an agent to prove his relation to an identifier - called a Principal. A Principal is a string that can be mapped to a URI, that usually refers to some network resource, which itself can then be linked to a subject. An LDP authorization system may authenticate agents that are allowed access to a resource using different types of Principals. This page lists a number of ways Authorization agents can prove identity of an agent using one Principal, with an ACL that may be using a different type of Principal. The aim is to gather such examples together in order to find an general theory that underpins these proofs.

• The Platform for Privacy Preferences 1.1 (P3P1.1) Specification

  This is the specification of the Platform for Privacy Preferences 1.1 (P3P 1.1). This document, along with its normative references, includes all the specification necessary for the implementation of interoperable P3P 1.1 applications. P3P 1.1 is based on the P3P 1.0 Recommendation and adds some features using the P3P 1.0 Extension mechanism. It also contains a new binding mechanism that can be used to bind policies for XML Applications beyond HTTP transactions.

• Identity Definitions in the P3P Specification
• Identity Rights Agreements and Provider Reputation

  IDENTITY COMMONS Position Paper Kaliya Hamlin, Identity Woman & Identity Commons Phillip J. Windley, Brigham Young University Aldo Castaneda, The Story of Digital Identity

  Abstract: While decentralized, user-centric identity systems provide hope that useful, secure identity systems may be possible on the Internet, ensuring that user data is protected in these system requires more than a technical solution. In this paper, we describe a project underway at Identity Commons to create a framework within which users can express their protection preferences (called identity rights agreements). Part of this project will establish a reputation system for identity providers and relying parties that engenders trust and lowers user risk.

W3C Workshop on Identity in the Browser 24/25th May 2011, Mountain View (USA)

Over the last ten years, for most end-users there has been no visible progress beyond cookie-managed usernames and passwords entered via HTML forms. Current password-based logins offers little value to the end-user, as they are forced to bear the onerous responsibility of remembering too many passwords or simply re-using low-security passwords.

As passwords and cookies are easily compromised, both web-site operators and users then expose themselves to massive security breaches. Despite the large amount of valuable standardization work on identity, it is unclear how user agents such as Web browsers can interact with both identity-consuming applications and server-side federated identity services, and many current identity specifications either assume or underspecify secure authentication in the browser. The key missing component to enable trusted identity on the Web is likely then to be found in user-centric cross-browser standards for secure authentication and session management.

Position papers • Download all papers as a ZIP file.

• Identity in the Browser: Easy Wins and Guiding Principles by Naveen Agarwal, Miranda Callahan, Tyler Close, Travis McCoy, Chris Messina, Glen Murphy, Dirk Pranke (Google)
• National Strategy for Trusted Identities in Cyberspace - Requirements and Potential Use Cases by Peter Alterman (NIH)
• A Vision for Browser-Assisted Web Authentication by Siddharth Bajaj, Slawek Ligier (Symantec)
• The Chained Identity Systems of Online Entertainment by Wendell Baker (Yahoo!)
• Identity in the Platform - Thinking Beyond the Browser by Dirk Balfanz (Google)
• Web authentication is deeply flawed, and it is time to fix it by Patrik Bichsel, Dave Raggett and Rigo Wenning
• Considering Browsers' Role in a User-Centric Online Identity Ecosystem: Privacy and Context by Aaron Brauer-Rieke (Center for Democracy & Technology)
• Expression of Interest - Improving Identity Management on the Internet by David W Chadwick, George Inman, Kristy Siu (University of Kent)
• NSTIC, Privacy and Social Login by Francisco Corella, Karen P. Lewison (Pomcor)
• Tailored Signatures with DOSETA by D. Crocker (Brandenburg InternetWorking)
• AuthenTec Online Open Authentication by Vito Fabbrizio, Greg Kerr (AuthenTec)
• Account Management: A Deployment and Usability Problem by Phillip Hallam-Baker (Comodo Group)
• Empowering Individuals with Tools to Manage Their Personal Data for the Identity in the Browser by Kaliya Hamlin, Mary Hodder (Personal Data Ecosystem Consortium)
• Federated Browser-Based Identity using Email Addresses by Mike Hanson, Dan Mills, Ben Adida (Mozilla)
• The Chicken, the Egg and the Rooster: Why Internet Identity is Still Unsolved by Dick Hardt
• Identity as a Platform Service by Sam Hartman (Painless Security), Josh Howlett (JANET(UK))
• Looming private information fiasco versus the new cloud business model: The next generation will ask "Where were you when this was going down?" by Carl Hewitt
• Identity in the Browser - Avoiding Common Flaws by Brad Hill
• Importance and Impact of Requirements on Technical Solutions for Identity by Frederick Hirsch (Nokia)
• Mobile Provided Identity Authentication on the Web by Jonas Hogberg(Ericsson)
• The Nexus of Identity by Maryann Hondo, Mary Ellen Zurko, Matthew Flaherty, Paula K. Austel, Sridhar Muppidi (IBM)
• How to Improve the Security around the Mobile User Authentication Process? by John Hwang (Neustar)
• Evolution of Identity in the Face of a New Lightweight Web Services Paradigm Shift by Phil Hunt (Oracle)
• The Emerging JSON-Based Identity Protocol Suite by Michael B. Jones (Microsoft)
• Identity Security within Web Browsers by Kevin Jones, Narm Gradiraju, Jack Matheson (Intel)
• Selected issues with web identity mechanisms and a possible way forward by Vladimir Katardjiev, Goran Eriksson (LM Ericsson AB)
• Identity in the Federal Learning Registry by James Klo, Marie Bienkowski (SRI International)
• Goals, Constraints, and Issues for Identity in the Browser by John Linn (RSA/EMC)
• Browser Personas: Towards a Reasonable Middle Ground by Ben Livshits (Microsoft)
• Backplane Protocol and Identity Scenario by Brian Mcginnis, Johnny Bufu, Vlad Skvortsov (Echo)
• Privacy Delegate: a browser-based tool for privacy self-management in social networks by Miguel A. Monjas, Jose M. del Alamo, Juan-Carlos Yelmo, Jonas Hogberg (Ericsson)
• Browser support for identity federation with many identity providers by RL "Bob" Morgan (University of Washington, InCommon)
• Reparing HTTP authentication for Web security by Yutaka Oiwa, Tatsuya Hayashi, Boku Kihara (AIST)
• Bridging the Disconnect Between Web Privacy and User Perception by Mike Perry (The Tor Project)
• Improving password managers and multidevice synchronization by Yngve Pettersen (Opera Software ASA)
• Two-factor Authentication for the Cloud by Anders Rundgren (PrimeKey Solutions AB)
• The WebID Protocol & Browsers by Jeff Sayre, Henry Story
• Thoughts on Trust Infrastructure, User Interface, and Legal Issues by Stephen Schultze (Princeton University)
• Statement of Interest and Requirements for W3C Workshop on Identity in the Browser by Dan Schutzer (Financial Services Roundtable/BITS)
• Do you know who I am? by David Singer (Apple)
• Building the Legal Framework for Browser-Enabled Identity by Thomas J. Smedinghoff (Wildman Harrold, Allen & Dixon)
• A WebID Implementation in Pure JavaScript and Flash by Manu Sporny, David Longley, David I. Lehn, Mike Johnson (Digital Bazaar)
• Identity in the Browser: Putting the Cart Before the Horse by Andy Steingruebl, Jeff Hodges (PayPal)
• A usable identity management system for the Digital Public Space by Olivier Thereaux, Mo McRoberts, Richard Northover (British Broadcasting Corporation)
• On OIX and NSTIC by Don Thibeau (OpenID Foundation, OIX)
• Digital Identity in Perspective by John Tolbert (The Boeing Company)
• Identity In The Browser at 5. Lessons Learned by Paul Trevithick (Azigo)
• Browser Support for the Open Authorization (OAuth) Protocol by Hannes Tschofenig, Barry Leiba, Blaine Cook, Rob van Eijk
• The Need for a Web Security API Sean Turner (IETF Security Area Director), Stephen Farrell (IETF Security Area Director), Peter Saint-Andre (IETF Applications Area Director)
• Server Authentication with DNSSEC by M. Vanderveen
• Browser Assisted Identity Management by Yu Wang, Aanchal Gupta (Yahoo!)
• Position paper from Netflix, Inc. by Mark Watson, Mitch Zollinger, Wesley Miaw (Netflix)
• GSS-REST, a Proposed Method for HTTP Application-Layer Authentication by Nicolas Williams (Cryptonector)
• Consumer Third Party Authentication: Challenges and Potential Solutions by Craig H. Wittenberg (Microsoft)

And beyond

• A draft charter of Web Identity Channy Yun - Posted on: October 5, 2011

  The W3C has prepared Web Identity working group and make a draft charter. As following is main track for works.

• ISSUE-17: Identity, Agent, Person, Persona, Account etc. need clarifications

  As for today we don't seem to have clear strategy on how to define and use Online Identity related concepts.

• WebID - W3C Wiki

  The W3C is still exploring better ways to do authentication, for example in the 2014 workshop on authentication. The WebID is a Community Group, and anyone can start a Community Group. A Community Group does not necessarily reflect the endorsement of the W3C, but we encourage grassroots communities to experiment with technology that may become a future standard.

• USER IDENTITY ON THE WEB COMMUNITY GROUP

  Currently, more and more services are created on the web and require information about you, me, all of us. Therefore, users have to give away a lot of information about themselves to many different services. The point is that the users lose control of their identity on the web, by filling a lot of forms (e.g., through subscriptions). Privacy on the Internet is extremely important and must remain. Personal information is used by services we, sometimes, don't even know about, and it is a real problem. The aim of this group would be to think about new ways to identify individuals over the internet using trusted web based identities embedded directly into the core protocols of the web. At the same time it is important to maintain equilibrium between total privacy and providing information when needed, which means, when the user wants to.

• The Story of Open SSI Standards - Drummond Reed/Evernym - Webinar 1 • Youtube • Slideshare

  Drummond Reed, Chief Trust Officer at Evernym and Sovrin Foundation Trustee, features in our first Webinar "The Story of SSI Open Standards" by giving us the background on the foundation of Self Sovereign Identity.