W3C

Another W3C Advisory Board mandate ? yes, sure !

IMG_20150606_165130

Here we are. After 2 years enjoying W3C Advisory Board discussions, it is now time to renew or not my seat. And I have decided to follow up on that experience. Dealing with such fantastic topics as W3C governance, priority and conflict resolution was a super experience. I enjoyed sharing with other team members, suggesting directions and finding what would be best for members and the open web platform. And I think we did well with the AB members in the last years…

The ballot is open, there are 6 candidates, for 5 seats. And votes are made by each of the 410 members of W3. The other candidates for that election are Tantek Çelik (Mozilla), Daniel Glazman (Disruptive Innovations), Jay Kishigami (NTT), David Singer (Apple), Léonie Watson (The Paciello Group). Nominations can be read here https://www.w3.org/2016/05/02-ab-nominations

Oh ! And if you support my presence in the W3C Advisory Board, don’t hesitate to tell your W3C representative !

Tech, Web and Society in W3C

Blowball II - M.C. Escher

It has been several years I have been involved in W3C.The ten thousands of hours of discussions I had with some of my W3C colleagues, mates, folks, peers, were deadly interesting. We were covering the technical web, but all the stuff coming with it. The web and the society. The technology as a tool, that anyone can handle and use, following its own rules, follow its own goal. We discussed about the reliable and equal web. But. What does it mean to maintain a reliable web, for all ? What does it mean when a group of people decides to develop technologies to break it ? What does it mean to break the web ? You know, all those questions that do not directly fall in the basket of W3C – after all, it is only a technical standardization body ! Since one year, I was convinced that this was a missing dimension in W3C. And something happened. Slowly by slowly, this idea came on the table. Why not creating a place for the W3C members to exchange on the potential impact of the technology developed in W3C ? Why not keeping an eye on the way the web is used today, and debate on the potential impact on policies ?

The Advisory Board and the W3C team have been working on the creation of the Technology & Policy Interest Group. A group which will be open to W3C members, a group which will gather state of the art on topics such as deep linking (or can we forbid to reference a resource), DMCA-like challenges (or how to allow researcher to stay on the legal side, while researching on the web, and thus potentially hacking it) and Surveillance (you know, government and companies monitoring all and everything). And this is, as a starter. The Tech & Pol Interest Group, chaired by Jean François Abramatic, ex W3C CEO, will work in a W3C-member-only mode and will deliver some Analysis. Analysis is a new format, to avoid saying the group will deliver Note or normative Recommendation. First, those Analysis may be only a collection of problem, a list of solutions, and it will be up to the directors, with members consultation to do something from that.

That Interest Group is a fantastic chance to have a place to discuss those important topics, to have the craftsmen and craftswomen of the web, exchanging on technology impact, all together, and potentially raising the question on which type of web we want for all.

The creation of the Interest Group depends on the support it will gain in the W3C membership, and on the number of objection its review will collect. So, if you think this group is a good idea, and if your company is W3C member, I can only encourage you to ping your AC rep and tell him/her what you think…

Illustration: Blowball II – M.C. Escher

W3C : TPAC week was also about fun and art

This post is the last one of a serie of 4 dedicated to the yearly W3C meeting. Previous ones were dealing with serious stuff such as W3C Advisory Board, the news in the tech area, and the particular topic of security in W3C.That one relates to the fun happening in W3C TPAC…

The ones who were there could not ignore that in addition to meet great and smart people, in addition to produce specification and work out on some resolutions, the mood in TPAC is about human and social interactions. Coffee breaks, special dinners and bar sessions are the place to be. All is provided to allow people to meet. And there were two remarkable activities during that TPAC week in Sapporo.

Werewolf game.

Werewolf is famous in W3C. It is most of the time orchestrated by Dom and Doug from W3C.The game is about guessing in an assembly of 20 people or more who are the werewolves killing simple villagers at night. Each player can be either a special character and get some special tips about werewolves identity. That game is happening in the evening, in one of the hotel where most TPACer were sleeping, and every night, you could see poeple joining the group at 21:30, jumping out from nowhere, to be here and have fun. That year, the new usage is that the werewolf game opened a twitter account (that I had fun managing during one night, at least).
During the night, the villagers sleep.

This is a village sleeping pic.twitter.com/QqiceANBXZ

— Simple Villager (@simple_villager) October 29, 2015

And in the morning, the players vote to decide who is a werewolf

Yes, random finger pointing is the most democratic voting system for killing the @w3ctag members 🙂 pic.twitter.com/zIGUwg2h4V

— Simple Villager (@simple_villager) October 29, 2015

The Haiku challenge.

That idea came from Maria Audey and David Rogers. The challenge was to make the TPACers writing an haiku (a 3 sentences poem, which constraint is that it has to be 5/7/5 syllables). Writers could either send the haiku anonymously or sign with their name. We received 35 haikus in less then 2 days. All are archived for ever on W3C servers, available here : https://www.w3.org/wiki/TPAC/2015/haiku

You can note the cross theme with werewolf game

Full moon

Doug, a simple villager,

when the moon is full,

smells of blood, bones and beard.

My favourite haiku was (by Ian) :

Ode to Scribes

RRSagent

I have been scribing so long

Zakim, close the queue

And the jury, composed of David, Maria and me voted for Yves one :

Shepherds

Web is where we live

TPAC is where we connect

Free Web for the world.

Again, that year TPAC was amazing, feeding people with tech, fun and art…

W3C : about security activities (gossips, new work and strategy)

This post is the third one, reporting about W3C TPAC activities. Previous ones were related to advisory board discussion and general technical topic. That one focus on my fav topic, security.

People following me know I am a promoter of security in W3C. And having done that in the last 4 years, I must confess I had some good surprise during last W3C TPAC week (which is the yearly big W3C party). Here is what I collected, going into official and unofficial meeting, coffee breaks and bars…

Oh, just TimBL, Vint Cerf and Jun Murai chewing the fat about history and future of the Internet and web. #TPAC2015 pic.twitter.com/xoWsLaIIf3

— olivier Thereaux (@olivierthereaux) October 28, 2015

When Vint Cerf, Jun Murai, and Tim Berners Lee advocate for security. W3C TPAC day started with a 3 stars raw on stage, exchanging with W3C CEO Jeff Jaffe. (Note for the youngest ones, Vint Cerf invented the internet and is working for Google, Jun Murai has been contributing on that eco-system, being one of the most powerful japanese representative in the internet, Tim Berners Lee, is Tim…). Reading the minutes of that conversation, one could realize that security was at the heart of the exchanges. About making security in everything, about security being transparent, about strong authentication, about making the web a trusted place… While those gentlemen did not draw the technical solutions on any white board, but rather exchanged on such needed effort, this gave an indication about their next challenge for the web.

W3C security strategy is here. In order to answer to W3C members request about having a security strategy, the security strategic plan for W3C has been issued. The Technology and Society domain considers two aspects for securing the open web platform : the user security (including web crypto API, web authentication and HTTPS migration), the web app security (including CSP, sandboxing and HTTPS, again). Another track is about making sure that the development of the open web platform takes care about the security, and this implies having security reviews, handling with care the migration to HTTPS, and liaising with the rest of the world thanks to liaison and wide communication. See more about that security strategic plan here : https://github.com/w3c/websec/blob/master/security-roadmap.md

The migration towards an HTTPS world. A very interesting session was held during TPAC about trying to find the best path to make the web an HTTPS place. HTTPS is good says the W3C Technical Architecture Group. We all know that (well, kind of). But the path from HTTP to HTTPS may raise some serious challenges that Brad Hill explained very well in that document. The problem is about mixed content. How to make sure, once your website is mandating HTTPS, to still get content from website only running in HTTP ? What security measure should be taken when this situation happens ? Would not that be the weakest link that would kill the entire security promise… No conclusion was drawn from that discussion, but some solutions were excluding (for instance a 2 steps migration path that would be highly insecure for all the web).

W3C seeks for a security geek. Based on that ambitious plan, W3C has opened a position for strengthening the team, on security aspects. For more information, you should contact wendy from W3C (wseltzer at w3 dot org).

Web App Sec business as usual. Working hard and quietly, the Web App Sec is rolling out its plan. I have already mentioned the main topics being dealt in this Working Group, made of best security experts of major browser vendors. One may note that little by little, Web App Sec is providing developers with a tool box allowing to check integrity of a ressource (SRI), filter or log access to external ressources (CSP), access to specific API only in secure context (privileged Context) … Nevertheless, some recent activities are worth (re)mentioning, completing this intention :

COWL : is about Confinement with Origin Web Labels. In other words, this is a mean to lable some code and execute it carefully (because you dont trust it, because you want to allocate him less permission…). That work is in first public working draft (early stage of a spec) and is available here : http://www.w3.org/TR/cowl
Clear site data : is about allowing web app to kindly ask browsers to delete data related to itself. The spec is available here : http://www.w3.org/TR/clear-site-data/
Upgrade unsecured data : is about allowing web app dev to instruct browser to upgrade all interactions between client and server on HTTPS. the spec is available here : http://www.w3.org/TR/upgrade-insecure-requests/

You can have a look at the complete status of the Working Group deliverables edited by its co-chair Brad Hill.

Last but not Least. Some new work is being introduced in W3C.

Web Authentication. Is about allowing strong authentication from a web app. That working group will certainly be the place holder for W3C receiving FIDO Alliance specifications which are defining an API for authentication, attestation of a authentication device and signature. The draft charter is under construction here https://w3c.github.io/websec/web-authentication-charter

Hardware Security. Is about allowing web app to access secure services made available thanks to hardware based token (like secure chips, smart card, trusted execution environement). the ones knowing my everydays job will definitely recognize the usual technology I am playing with, and may understand the reason why I have offered to chair that working group, together with David Rogers, a mobile security expert. The draft charter is available here : https://w3c.github.io/websec/hasec-charter.html

Those two new pieces in W3C still have to go through the W3C member review before being actually up and running. Again, here, I will keep you informed.

[better web] security #TPAC2015 session with all sec friends: on @FIDOAlliance authentication, hardware security 🙂 pic.twitter.com/2WFIEDmzbU

— virginie galindo (@poulpita) October 28, 2015

W3C : rambling in W3C TPAC as a tech person

Being also a tech person, in the W3C TPAC week, I had the chance to visit different groups or brainstorming session and I am sharing here with you the result of me jumping from one room to another.

The Web Payment is a reality. The web payment activity is one of the most dynamic ones in W3C those months. The quest initiated here is to ease the access to payment means from a browser. Making sure that a one click button would allow a user to pay with means which is accepted by the merchants, available in the user context. The use case and priorities of the group have been discussed in the Web Payment Interest Group, but the more operational steps has happened in TPAC : the Web Payment WG kicked off. That Working Group will design an architecture and some APIs to make that payment feature in browser a reality. Let’s wish them success…

WebRTC is close to be closed. WebRTC is *suffering* from a large number of implementations (see is WebRTC ready yet ?) and the specification was late compared to market expectation. but the good news is that most of the technical problems have been answered. And the Web RTC group is now thinking about WebRTC Next Generation. The specification will go to CR soon (see for details by Dom on http://www.w3.org/2015/Talks/dhm-webrtc-ac/)

Sensor is progressing. Internet of things is something (buzz, trends, de facto, golden quest…), and it is also present in W3C. The sensor spec is about exposing to web apps sensor’s data. The spec is on its way, in the capable hands of Tobie Langel (Intel Corporation) and Rick Waldron (jQuery Foundation). If you wanna have a look at that API, the spec is here https://w3c.github.io/sensors/ and some more context about it can be found in the discussions held during TPAC between the sensor team and the Web of Thing team reported here

What about blockchain in the web ? Some may get nervous that everyone is talking about blockchain. And even TPAC breakout sessions deal about it. During an interesting session, NTTDoCoMo exposed the rationale for letting blockchain used by web apps, for use cases such as tracking peer to peer rights transfer or signing legal documents… This long term work may land in W3C, some days…

I could not attend all the Working Groups meeting and Breakout sessions that were held during W3C TPAC, but if you wanna have a taste of what is discussed in W3C, have a look at this report, and read minutes, issues and participants…

#TPAC2015 technical plenary Breakout sessions grid (soon on the Web) https://t.co/SKa9X6u5IX pic.twitter.com/z9yNH8X2yE

— W3C (@w3c) October 28, 2015

W3C : about being an Advisory Board Member

One of the important moment for W3C, the World Wide Web Consortium is TPAC. This is the week where all W3C members and W3C tech contributors all meet. Dozens of Working Group have their face to face meeting, and in parallel the Advisory Committee (AC) meets. AC is a room full of delegate (one per W3C member), meaning any company or university or startup having paid their W3C membership. This year, the big party was scheduled in Sapporo (Japan) and more then 550 people registered, more then last year where the location was the crowded Silicon Valley. Thus, a lots of people, a lots of amazing topics and discussions.

I have been participating there with several hats, as a tech person, as an advisory board member of w3c, as an AC rep, as a chair of a technical group, and finally as a general citizen of the web. I wanted to share with you all the goodness that came out of this crazy week. This post is the first on several, reporting about my experience, focusing on the Advisory Board aspects.

What is it to be an Advisory Board member ? The role of the AB is to give guidance to W3C management for W3C directions. That 2 years mandate is obtained thanks to election by W3C members. Basically, you campaign, and you are elected. The AB is made of 9 elected person, a chair, Jeff Jaffe CEO of W3C, and two magic supports (Coralie and Ralph). The team is playing well, with a lots of exchanges, different profiles and conflicting interests – which, I believe, guarantees that most interests will be preserved… W3C members and AB can continuously talk, but there are 2 occasions where the W3C members can formally express if they are happy or not, at TPAC and at a spring meeting, for a 2 days general assembly.

What are be the immediate tasks of the Advisory Board ? The AB had to treat a large number of topic which covers process management (which includes specification lifecycle but also governance rules), strategy of different W3C domains, priorities of the consortium, development of new activties or working methods and solving any question/problem raised by the membership … And here is the team to handle that !

#TPAC2015 AB, Sapporo: @natpt @koalie @jeff_jaffe @cwilso David @poulpita @t @mc2hampion Judy Jay @chaals @RalphSw27 pic.twitter.com/LAaa78tTXp

— W3C Advisory Board (@W3CAB) November 1, 2015

How to achieve that as an Advisory Board member ? After one year of exercising such mandate, it came to me that it is a difficult balance between taking initiative on behalf of W3C members versus spending time listening and gathering feedback…This week in TPAC, the dialog with the W3C membership was very quiet. Few interactions during the official meeting. Discussing in the corridor with a lot of members and my AB mates, it appeared to me some principles that we should always have in mind in order to be maintain basics of democracy in such organization.

Create real dialog with members – allowing them to influence the general assembly agenda and opening mic sessions
Clarify the pieces of discord and put them on the table, it will make sure all arguments pro and cons will be heard. When you have in the same room the media and ad industry and the EFF, there is some chances that you hear completely opposite vision of a single situation and thus can make your mind…
Leave some space uncontrolled, where all technical and strategic outcome are driven by few, not under the pressure to represent all opinion, but allowing to get straw man proposals (aka, the W3C Technical Architecture Group, lead by Tim Berners Lee, plays that role today),
Clarify priorities of the consortium, by vote, by any means, to make sure that you do not address all requests, but only the important ones,
Roll out pragmatic plan, with a unique champion to question and congratulate, adapted to your resources – and fine tune as you walk,
Listen to the silence and act when it is too loud (relooping…)

What is next for the AB ? In addition to the business as usual, I believe that W3C is facing some interesting challenges that I am committed to support:

modern tooling (aka including github and modern edition methods in working groups),
caring about the chairs and editors community
improve visibility of W3C activities to the public (thanks to the magic of Web APIs)
clarifying strategic plans (accessibility, security, HtML5 next, …),
kicking off a new group dedicated to discuss potential policy in W3C (like, taking position on topics where technology and society overlap).

Definitely only interesting and great challenges ! Will keep the web informed as long as the things progress !

The security question at Edge

Take 250 web developers, seat in front of them experts, and let them interact. This is EDGE conference. While being my first edge conference experience, I cross finger I will attend the next one. I went there to be part of a panel dedicated to security. And by having that lively and passionate debate, I have learned things, specially, how to move forward on security aspects on the web.

Security panel at #edgeconf pic.twitter.com/oFeALlZJDg

— Christian Heilmann (@codepo8) June 27, 2015

What was it about ? It was about HTTPS and certificate usage. The panelist were Yan (from Yahoo), Mike (from Google), Alex (from University of Michigan, Let’s Encrypt promoter), Patrick (from Financial Times) and all of us being moderated by Dan.

Yan setup the stage by reminding what are the attacks on the web (MITM, XSS, …) that HTTPS and CSP can help to solve. CSP is a way to control that only authorised resources are accessed (authorized means coming from a url you trust). At the same time Yan announced also a renaming of CSP into BATSHIELD to make it attractive, we hope you will enjoy it. Then came the origin question. HTTPS is a way for the browser to make sure that the service your are accessing is the one it pretends to be. And from there, we entered into the debate, here is a take away.

So what is it that we know about HTTPS ?

HTTPS allows point to point authentication and communication confidentiality, between the browser and the server. It helps to prove that Steve’s service is from Steve. HTTPS relies on public and private key management, which means key pairs, generated and certified by a certification authority (CA). In other words, CA will help blessing Steve’s key pair. CAs are recognized by browsers and this recognition relies on reputation. If a CA is reliable (aka known for doing Steve’s identity check properly and making sure to repudiate his certificate if he behaves badly on the internet) then browser will add it in its recommended CA. And all services associates with certificates and key pairs delivered by trustable CAs will be operated under HTTPS. Key pair generation and certificate issuance are a painful process for the web developers. In addition to migrate to HTTPS, they need to pay, few tenth of dollars and find a CA kind enough to have their certificate. In September, Let’s encrypt project is arriving https://letsencrypt.org/. It will make the certificate and key pair distribution automated, free and seamless. Thus it will reduce the barrier to entre the HTTPS world. The way this process will be reliable and automated is still to be discussed, but this initiative could be a serious enablers towards an HTTPS everywhere scenario.

And what is it that we don’t know ?

Does HTTPS really need to be end to end ? Some services may require some arrangement in the middle of the path, between the server serving the request and the browser. The kind of arrangement could be advertising loading, load balancing management, ….). If we were to open some non-HTTPS path in a HTTPS request, to favor the work on the intermediate elements, in charge of those arrangement, this would imply the risk to have middle box for monitoring also enabled. So on one hand there are some business interest to let some path HTTPS free, on the other hand, the breach opened here could favor pervasive monitoring… So one should ask if this is reasonable to only protect the last miles on the communication.

How should users be involved in the security cursor ? Users are warned today when a site is safe, with a green lock. It pushes him into a perception of security that may be over estimated. Some browser vendors would be in favor for waking up the user only if something is at risk. This opens the question to how far security should be visible to the user. It is the responsibility of the browser today to accept CAs and to operate HTTPS normally. Including an educated user could be good, but what if the user is not skilled enough and accept any CA ?

Does HTTPS make the entire web safe ? No. HTTPS is a mean to increase the security communication between a server and a browser. But it does not protect from (1) threat happening on the server side (what is server’s data are corrupted), (2) what is happening on the device side (what if some malicious application can explore and alter broser data), (3) the web developer private key protection (what is the service has his private key being compromised). So a complete answer to securing web business is also about answering those questions. But we dont know yet how to do that and have information about security context of the entire service.

What about restricting sensitive features of the web through HTTPS only connection ? This could become a possible way to increase user privacy and control. But some are claiming that this would force web developers and services to migrate to HTTPS for accessing specific features. Putting a higher technical barrier for deploying services (providing that certificates become free commons). Those last questions staid unanswered. Nevertheless this very good dialog with experienced web developers at #edgeconf allowed to hear pain points and fears from the audience. My take is a beginning of action plan to answer to those questions. Being involved in” problem solving by standard”, I would recommend that we create some fair places to discuss and solve the following questions :

HTTPS end to end best practices – including the middle box problem.
User involvement in security indication and management – including user experience concern and creating a standard for making the users indication clear
Guidelines and supporting tools for web developers to deploy HTTPS and endorse certificate usage (from whatever CA it comes from).

I guess that W3C and IETF may hear in the coming weeks about those suggestions about for keeping our web safe. Note : extensive notes are available here https://decadecity.net/blog/2015/06/27/edge-conf-security by Orde Saunders

W3C master plan for making the web a trusted place

Snowden has gone. Other privacy and or security stories happened. Some people might have forgotten but W3C does not and is still attempting to make the web more secure. Few pieces of technology reported here relates to that master plan.

W3C recommendation about Securing the Web is live.

That document named ‘Securing the Web’ is actually a finding from the stewards of the Web architecture, the W3C Technical Architecture Group, and deals with the usage of HTTPS. It basically says that it is preferable to actively use secure communication, to ease adoption of https:// and play with a trusted end-to-end TLS encryption on the Web (aka, do not use broken algorithms).

Web Crypto API is here (or almost).

The Web Crypto API has landed in several browsers, and it is under finalization. As soon as the testing activities will be completed and that two interoperable implementations will be evidenced, it will become an official W3C recommendation. In the meantime, you can still read Charles Engelke blog post [1] and table [2] tracking which browser implements which algorithm for which usage.

Spoiler : “RSA-PKCS1-v1_5 for digital signatures, RSA-OAEP for public key encryption, AES-CBC and AES-GCM for symmetric encryption, HMAC, and SHA-1 and SHA-2 hash functions are pretty much universally supported”

New WebAppSec guys mission, chosen.

The ones designing the web app security model are not legion, you can meet them in the W3C Web Security Working Group. If you want to know what they are willing to work on, you can have a look at their recently rechartered mission. Menu is impressive : garanteing web app silos, secure mashup, anti-clickjaking frames, user permission and HTTPS/HTTP juggling.

Security review will one day be natural.

There has been lots of discussions on the idea that W3C specification should actually go through a formal security revision. The main blocker from not implementing such a great idea is the lack of security experts, having enough time and money to perform an extensive and serious review. Mike West, from Google, started a security questionnaire that would help the editors and chairs of W3C groups to evaluate the sensitivity of the feature they are designing, and thus increasing awareness in the hole W3C community. The draft questionnaire is available here and anyone can contribute on the github project ! One should note that the W3C Privacy interest Group is also working on guidelines to help groups to reduce the fingerprint of the browser when designing their new features.

W3C TAG welcomed new security geeks.

Recent election in W3C Technical Architecture Group resulted in the addition of two skilled security members. Mark Nottingham from Akamai and Yan Zhu from Yahoo (yes, a girl in TAG, clap, clap, clap). This will definitely increase awareness of TAG on security best practices. Next challenge those two will face, is to clarify what are the types of resources in a browser that should only be accessed via a secure connection (aka Privileged Contexts).

All that good news will definitely favor the trust on the web.

And we should try to support it. As a reminder all W3C work is conducted in public and anyone is invited to bring their skills and share ideas. That is quite easy to do, as most of the working groups do have a public comment mailing list. Find the one you like and start contributing !

[1] http://blog.engelke.com/2015/03/

[2] https://docs.google.com/spreadsheets/d/14oTKnccypDRieszGLV7GbZXcIai0qLYOwgk_ELIj5A0/pubhtml

Note : picture by serge klk https://www.flickr.com/photos/sklkphoto/ under CC BY-NC-ND 2.0

150 days with W3C Advisory Board

It has been few months that I have been with the W3C AB. Me and my co-advisors have met 3 times face to face, and had monthly calls to address topics related to W3C governance and strategy.

What are we supposed to discuss ? Any topic that any W3C members representative would raise, but also, anything AB believe would be helpful to deal with, in order to consolidate a strategy. While the AB meeting minutes are for W3C members only, one should note that most of the activity is held in public. That is why I encourage any curious to have a look at the W3C AB public wiki.

What is under the spot ? In the recent weeks, AB members have been negotiating what would be their main priorities in the coming year. We collected several ideas, and ranked them, based on the relevance, and the energy each of us would be ready to put on it. We came with a list of 10 projects. And I would like to emphasis here some of them that would be of interest for any W3C member and non-member.

My fav one project. Designing a long term W3C strategy. Discussion will be around finding the main area of development, where W3C should invest in order to serve its different communities. This project is detailed on a public wiki and activity can be followed on the public mailing list on whihc anyone can subscribe.

My fav’ two project (so fav that I am leading it). Making sure we keep coordination across W3C communities. the rapid development of the open web platform feature, addressing different markets, causes multiple and parallel design of new technology. this project will make sure that the synchronization is kept across the different stake holders, from W3C staff to chairs and editors. It deals with communication, process and fluid knowledge. Public wiki and public mailing list are available. Our next call will be on the 1st of December at 16:00 UTC.

My fav’ three. W3C is facing a lots of creative, multiple and constant requests for new use cases, features, improvement. And on the other hand, W3C has to maintain the existing technology. Would it be possible to detect among the new coming topic, and among the maintained topic, the ones not destinated to success ? The ones that we should stop, in order to refocus W3C forces on on high priority topics. That project is documented on that wiki.

Some other remarkable initiatives. Not all the interesting stuff to make W3C better are done in Advisory Board. Recently I have noticed two remarkable initiatives.

1) a mailing list to track any W3C working group or interest group creation http://lists.w3.org/Archives/Public/public-new-work/

2) a mailing for working groups to request reviews on their specifications http://lists.w3.org/Archives/Public/public-review-announce/2014Nov/

A very good news. Some of you might have followed that W3C was working on a mean to better regroup web developers community. The good news is that W3C has endorsed the principle to have a web developer program, based on a minimum subscription, web dev will be able to demonstrate their W3C affiliation (or at least support). First details of the plan can be found under http://www.w3.org/2014/11/Webizen.html, or you may follow @W3C_Webizen Twitter account.

Obviously if you have any idea for improving W3C working methods, environment and process, feel free to post your ideas on the public mailing list public-w3process@w3.org (archives) or contact me on @poupita !

Note : picture “historic women at work” by Christine Myaskovsky

More women in W3C, and why not in W3C TAG ?

The W3C is a nice place to be. It warmly welcomes all web developers from all around the world and all companies involved in web planet and business. That is an interesting statement which is true in general. Nevertheless, this place still need to make effort in terms of diversity. International representation, small business representation, equal gender representation… The good news is that there is a coming election, which might be the right time to have minorities jumping in. The W3C Technical Architecture Group is renewing 5 seats out of 9 seats. This working group is made of participants, elected by W3C members. Its mission is to maintain the technical consistency of the open web platform. A nice mission, right ? That would fit to any good architect of the web, man or woman, I guess. How do elections work ? W3C TAG candidates are nominated by W3C members. Then among the nominated people, the W3C members will choose 5 of them.

The reason why I am advertising that election, is that I believe that more women should join the W3C TAG. Just like anyone should. But my voice here, is more to say “listen, girls, you may not realize it, but you may fit the job”.

So if you are working for a company being a W3C member, or not. And if you feel that your skills and experience will be valuable for better shaping the web. And if you would like to be part of a great team, at least, made of Daniel Appelquist (@torgo, from Telefónica), David Herman (@littlecalculist from Mozilla Foundation), Tim Berners Lee (@timberners_lee from W3C) and Peter Linss (@plinss from HP). Don’t think twice, contact your W3C representative to be nominated or look for people in you network that could nominate you. This W3C representative will have to answer the Call for Nomination here https://www.w3.org/2002/09/wbs/33280/tag-201411/ and will give you a chance to run for the W3C TAG election.

Few days left to run for that election. The deadline for being nominated is 23:59, Boston time on 30 November 2014. Go girls !