One step toward interoperable security on the web!

One year ago, discussions about identity and security were crowded in W3C meetings.

Crowded and controversial.

How can we bring more security and interoperability to web apps? How can we serve use cases such as identity management? Why not have interoperable features for protecting peer-to-peer communications? And if that happens, isn't it a dream to think that JavaScript may be secured one day?

Mozilla was key in those exchanges, driven by its strategy to develop some cryptographic functions [1] and to roll out its strategy on identity and Persona [2]. But other companies such as Microsoft, Google, Netflix and gemalto (which I am with) were also interested in actually moving forward. After turning the question over and gathering contributions and reactions, W3C made up its mind and launched a working group with the mission of providing developers with the basics of cryptography. The charter was defined, the chair was chosen (by chance, me), the W3C team contacts were assigned (Harry Halpin and Wendy Seltzer) and the group was kicked off in May 2012 [3]. With 19 organizations represented, plus 11 invited experts [4], the working group has been working for 4 months on a very regular basis, including over the summer, investing 20 hours of conference calls, 2 days of face-to-face meeting and almost 1000 mails exchanged, and the result is here: the Web Crypto API is now going to First Public Working Draft [5]. The particular dedication of Ryan Sleevi, one of the editors, from Google, was key to defining this API and offering it to web developers.

But what exactly is offered there? Basic tools for generating random values, generating keys, and performing basic cryptographic operations such as encrypting and signing. This will allow any web app to build its own security policy, in addition to HTTPS usage.
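The four operations listed above, as an added example that is not part of the original post or of the working draft: it uses the Web Crypto API as browsers and Node.js expose it today (`crypto.getRandomValues`, `crypto.subtle`), which differs from the 2012 draft interface. The names `signAndEncryptDemo` and `rejects` and the sample message are constructed for illustration.

```javascript
// Added example, not from the original post. Uses today's Web Crypto API
// (crypto.getRandomValues / crypto.subtle), not the 2012 draft interface.
const webCrypto = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);
const subtle = webCrypto.subtle;

// Hypothetical helper: resolves to true when the given promise rejects.
const rejects = (promise) => promise.then(() => false, () => true);

async function signAndEncryptDemo() {
  // Constructed sample message.
  const message = new TextEncoder().encode('order #1: 10 EUR (constructed sample)');

  // 1. Random values: a fresh 96-bit nonce, never reused under the same key.
  const iv = webCrypto.getRandomValues(new Uint8Array(12));

  // 2. Key generation: extractable=false keeps raw secret key bytes away from script.
  const aesKey = await subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
  const signing = await subtle.generateKey(
    { name: 'ECDSA', namedCurve: 'P-256' }, false, ['sign', 'verify']);

  // 3. Cipher: authenticated encryption, then a round trip back to text.
  const gcm = { name: 'AES-GCM', iv };
  const ciphertext = new Uint8Array(await subtle.encrypt(gcm, aesKey, message));
  const roundTrip = new TextDecoder().decode(
    await subtle.decrypt(gcm, aesKey, ciphertext));

  // 4. Sign the ciphertext and verify it with the public key.
  const ecdsa = { name: 'ECDSA', hash: 'SHA-256' };
  const signature = await subtle.sign(ecdsa, signing.privateKey, ciphertext);
  const validOk = await subtle.verify(ecdsa, signing.publicKey, signature, ciphertext);

  // Failure modes: one flipped bit must break both the signature and the GCM tag,
  // and a non-extractable key must refuse export.
  const tampered = ciphertext.slice();
  tampered[0] ^= 0x01;
  const tamperedOk = await subtle.verify(ecdsa, signing.publicKey, signature, tampered);
  const gcmRejects = await rejects(subtle.decrypt(gcm, aesKey, tampered));
  const exportBlocked = await rejects(subtle.exportKey('raw', aesKey));

  return { roundTrip, validOk, tamperedOk, gcmRejects, exportBlocked };
}

signAndEncryptDemo().then(console.log);
```

The `exportBlocked` result shows the only key access control in this example: the key handle can be used for its declared usages, but its bytes cannot be read back by the page's script.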

Is it perfect? No. Of course there is room for improvement: stories about key transfer, key cloning, key identifiers and access control on the key need to be elaborated. The working group is already engaged in solving those issues, in addition to analyzing comments from the industry – which is exactly the purpose of the First Public Working Draft in the W3C process. This is a basis on which the industry concerned with security and interoperability can start discussing, testing, and arguing!

If you feel this JavaScript API is important, read it! If you find it awful, say so! The working group and the chair will definitely be happy to hear more from you on the public mailing list public-webcrypto-comments@w3.org!

[1] DOM Crypto by Mozilla; [2] Persona by Mozilla; [3] W3C Web Crypto WG wiki; [4] Web Crypto WG participants; [5] Web Crypto API for comments

Power is contextual

(artbackwash.blogspot)

It happened a few weeks ago that I had to attend a training related to safety. You know, the kind of training any employee should follow to have the appropriate reflexes when facing a situation where human lives could be saved or lost. You know, the kind of training you have cancelled three times and feel guilty enough in the end to accept. The kind of training where, let's be honest, you get bored after one hour and which systematically ends in psychotherapy style, each trainee telling his or her story about the uncle who had a terrible accident … well, you know.

Training begins: round table, attendees from different companies, different styles, different jobs. The trainer was great, smartly managing the group to keep us on track. But after 20 minutes, in spite of the trainer's efforts, it appeared that two people, while being in the room with us, were not with us. Guess who? The big manager and the HR manager, both staring at their smartphones, fingers running, reading mails, chatting – smiles always betray you. The situation was so evident that the trainer had to lecture them – with humor, to make it acceptable.

With two consequences: the HR manager stopped typing but went on surfing 'discreetly', and the big manager answered 'I am managing emergencies, you know'. He listened a bit before jumping back into his digital life. He raised his head from time to time to kindly participate, take the lead in the discussions, or influence the agenda. He is also the one who put pressure on the trainer at 11:58, reminding him that there were two minutes left as indicated in the training program.

A few thoughts. Is it really the case that some people do not remember that professional power is only valid in certain situations? Even if a manager has devoted all his efforts to becoming a manager (e.g. sacrificing a lot of his private life), the potential power he holds is not universal. Especially in the current context, where each of us has a chance to develop multiple talents and expertise on both the professional and the personal side. In addition, management is a skill for making the right decisions, for choosing the appropriate strategy and people to make a company profitable, but this does not mean that those skills are applicable to any domain – especially safety.

Smart managers are the ones who are able to listen and learn in each situation, including the boring ones. The ones who are able to remember that their power is contextual, non-transferable and temporary – so they should not get too used to it.

[Words] Early morning

Copyright Patrice Debrouwere. Drawing by Patrice Debrouwere

This bag weighs as much as a dead donkey. Stairs. Sorry. Sorry. Wheezing turnstile. A shoulder. Sorry. Don't care. Faint smell of chocolate and butter. Neon light. Moving walkway. This bag weighs a donkey. Platform. Mosaics. Colours. Blue. Red. White. In no particular order. A breath. A gust. The doors open. Bench seat. Inward gazes. Screeching. Audible signal. This bag weighs a donkey. Same circus to get out from underground. Grey sky, impeccable. Manhole covers. Traps. Avoid them. Pedestrian crossing freshly repainted. It's back-to-school time. Armoured Vélib. Rue du Moulin des Prés. This bag weighs a donkey. Door keypad. Four. Three. Two. One. No. Five. Three. No. … . Bzzz. “Yes?”. “It's me!”. Electronic clicking. Carpet. Lift. Waxed oak door. Plexiglas plaque. This bag weighs a donkey. Put it down. Work.

When a French politician, a hacktivist and a sociologist discuss Internet democracy …

I recently listened to a radio show broadcasting discussions held during ‘Les Rencontres de Pétrarque’ in Montpellier, France [1].

Great topic: Internet, the ultimate step of democracy? The program was driven by a wish to take stock of the Internet. Everyone admits that between the Internet's development in the 90's, allowing the simple exchange of basic ping messages, and the recent boom of social media, where anyone can talk, share and participate, things have drastically changed. To discuss such a large topic, the audience listened to Fleur Pellerin @fleurpellerin [2], minister of SMB, Innovation and digital economy, Fabrice Epelboin @epelboin [3], who describes himself as an infowarrior and hacktivist, and finally Dominique Cardon [4], a sociologist analyzing the impact of new technologies on our society. The round table was chaired by Emmanuel Laurentin, a smart presenter of the daily morning program ‘La fabrique de l’histoire’ on France Culture radio.

Before the actual debate with the public, each of the guests set out his or her view of the topic, and this is where I believe the contrast was really interesting.

Fleur Pellerin, representing the recently established left-wing government, spoke first. After the expected list of buzzwords such as cloud, open data and Twitter, she mentioned that for her the main change brought by the internet to politics was the new political time. Just as the internet sped up exchanges of information between people or companies, the internet is enabling citizens to question politicians and is increasing the pressure of expectations of success. She pointed out that the direct link created by social media was often irrelevant or incompatible in a space where politicians need to keep a mid-term vision and cannot always comment or demonstrate results immediately. Fleur Pellerin also restated that not everyone had the possibility of using the internet and that further efforts should be made to make all citizens equal with respect to this technology.

Then came the voice of Fabrice Epelboin, the voice of the infowarrior, the guy supporting a free internet – in the sense of without control – for everyone, and fighting governments' willingness to monitor this medium. Fabrice pointed out that the massive communication capability of the internet was inducing highly complex and conflictual situations which had not been solved so far. The notion of goods being dematerialized and multiplied by thousands (aka your good old MP3 that you used to download on Megaupload) was creating an overreaction from governments, which were trying to control peer exchanges and so leading to spying on the internet. He pointed out that serious and independent studies had demonstrated that the impact of ‘illegal’ downloads was almost null for the music business. Fabrice also pointed out that behind the control of the internet lay a huge business opportunity for French industry. He gave the examples of IBM and Amesys exporting technologies that allow citizens' communications over the internet to be monitored.

Finally, the mic was given to Dominique Cardon, who commented on the new ways for citizens to engage in society. He recalled the new forms through which people interact: from collaborative work such as W3C or Wikipedia, or activism such as the alter-globalist Occupy or Indignés movements, to political parties such as the Pirate Party. He recalled the three fundamental bases of such democratic activism, which uses the internet as a medium. One. Top-down organization is banned. There is no way to have a leader in those movements. No one can say ‘we’ on behalf of the group, unless he or she has a mandate – which always lasts a short period of time. Two. The program of the group is designed by the group at the same time as the group evolves. As such, the group can only make a decision after a series of consensuses, progressing slowly and taking into account the voice of every individual raising a hand. Three. The actual investment of citizens is at the heart of political engagement. And, just as the movement designs its objective while it grows, the rules for making decisions are built by the same people who actually make the decisions. This is what he called the libertarian internet.

Those three very different filters on the actual state of democracy on the internet led to an interesting debate with the public – without Fleur Pellerin, who had to leave (well, politicians never have time!). For my part, I would keep in mind a major question that the 21st century will naturally have to address: how the internet will allow a vast majority of citizens to self-organize with enough freedom to learn, grow up and light up.

[1] France Culture ‘Les Rencontres de Pétrarque’ podcast; [2] Fleur Pellerin wikipedia page; [3] Fabrice Epelboin info website [fr]; [4] Dominique Cardon book ‘Démocratie Internet’ and conferences on public space and social media, open data.

[Tourism] The village of Banon: 110,000 books for 1,000 inhabitants [fr/eng]

This post is about the huge bookshop in Banon, in the Alpes de Haute Provence.

Great books, amazing project, nice place to read!

English version below.

—-

Alpes de Haute Provence. Twenty-five kilometres from Forcalquier, between green hills and dry-stone villages, Banon, a typical Provençal village, awaits visitors. Few of them climb up to the church that overlooks the village. Most stop at the foot of the village, at the bookshop “Le Bleuet”. 110,000 books fill the rooms of several old houses, to the delight of book lovers and casual passers-by alike. From cellar to attic, 525 square metres to stroll through, which makes it the seventh largest bookshop in France. Everyone can find a book there, since the bookshop, generalist but generously stocked, offers shelves – even entire rooms – on travel, literature, comics, children's books, art, … The bookshop, established for many years, now sells some 500 books every day, summer and winter.

[Words] Postcard: Bathing crowd

—-

Words about a crowded beach, in the south of France.

On the sand. Occupying the space. Towel, raffia mat, cooler, sarong, tent, bag. Bag of plastic, rope, fabric, hard, soft. Parasols. Coca-Cola. Perrier. Ricard. Languid bodies. Aftermath of a restless night at the campsite, of a long journey south, of a year of crisis, of sadness, of success, or of passion, of a year of a large, ungrateful, boisterous family. Skins. Thin and white. Red. Flabby. Hairy. Wrinkled. Tanned. Creamed. Crispy. Camouflaged. Swimsuit short, long, minimalist. Plain. Striped. Stitched with gold. Coral. Mauve. Candy pink. Azure. Emerald. Hibiscus. Fern. Hawaii. Lizard. Black, black, grey, black. Cord, lace, frill, string, little chain, knots. Hands occupied. Book. Mobile. Tube of cream. Mobile. Magazine. Ice creams.

On the sea. Hands fanned out. Buttocks patted by the waves. On the back. Toes above water. Coloured nails. Frisbee. Ball. Racket. Rubber ring. Ball of sand. Drops of water. Buckets of water. Torrents of water. Snorkels. Flipper. Masks. One around another, lengthwise, out at sea, crosswise. A look all around. The others. Oneself. That of the man next door. Oneself. Those of the woman next door. Oneself.

On the sky. A twin-engine plane struts about. A long advertising banner trailing behind it.

One day, Mobile WebApps will be Super WebApps!

A new step in the evil strategy to have the open web platform become the universal development framework for mobile app developers was unveiled this summer by the World Wide Web Consortium (W3C).

Up to now, the W3C plan was to have mobile web apps executed in smartphone and tablet browsers, offering features based on HTML5, CSS and some additional JavaScript features developed by the Device API Working Group (so-called DAP, for the people attending this club). Features like: network information (how is the device connected? 3G, 2G, Wifi…), battery status information, service discovery (is there any payment web app on the device that another web app can use?), vibration capability (bzzz, bzzz), management of media from the web app … A complete list of items and the corresponding specifications is publicly available on the DAP wiki [1]. In addition, if you want to follow when this will land in your favorite browsers, Dominique Hazaël-Massieux @dontcallmedom, from the W3C Office, is keeping track of all devices and browsers implementing the standard HTML and JavaScript APIs [2]. Great. That was the 2012 plan roll-out.

[Words] My four times

Rainy morning. Between Paris and Marseille, captive in a high-speed carriage, welded to the almost comfortable seat, my bare foot resting on the seat opposite. Eyes closed, I laze.

Dry heat. The murmurs from the kitchen, the plates clattering together, stranded on an orange deckchair, a few cool drops on my skin, escaped from a clear pool full of children. Eyes closed, I laze.

Cool night. The muffled bass lulls my ears. A glass of red wine, tall and elegant. Tucked away in the corner of a wide terrace, facing a damp garden. Eyes closed, I laze.

Luminous dawn. Between dream and drowsiness, the white sheets crumpled, a smell of coffee, cruel and tempting. Outside, the flight of the seagulls. Eyes closed, I laze.

[Words] Squares of Paris

This text was written while spending lazy days in Paris. A screenshot of the Saint Germain des Prés neighborhood.

Place Maubert. 10:09.

The black pallet is overturned on the ground. A gelatinous liquid oozes out of it. The flashing light turns yellow, then orange, then yellow. The garland of crumpled white plastic bags flies over the puddle. Unperturbed.

Rue des Carmes. 10:27.

The greyed Kleenex lies in the gutter, beside a flattened streamer. A series of newspapers slides along the ground. The cigarette paper glows red. A light cloud of smoke.

Rue des Ecoles. 10:32.

Hôtel Claude Bernard. A laugh. Several. Then nothing.

Rue Jean Beauvais. 10:40.

The man in a white shirt converses with his computer. On the wall, a tag, in a black suit and tie, shelters behind a gas mask. The man in an orange vest shakes a bin behind a colourful truck. Posted on the house of the Lord, the Orthodox priest with a white beard and a long robe smiles.

Rue des Anglais. 10:42.

The broom scrubs the ground, a dried leaf darts away. The dog goes by wagging its tail, followed by the wheeled shopping bag. Both black. A smell of shit.

Rue Galande. 10:47.

Six round stainless-steel tables dazzle the passer-by. The immense golden Buddha guards the agency. A motorbike with chrome pistons blocks the way. The knife tears open a package. In the distance, a shovel scrapes the ground.