The W3C Needs a Dashboard

I recently had some discussions with Mozillians about ways they could contribute to the W3C working group I am chairing [1]. The question made me rethink the magic path individuals have to go through to contribute to W3C work.

W3C is a place where contributions are welcome, free and easy to make. For my readers not familiar with the W3C process, most working groups, interest groups and business groups have public mailing lists for member contributions, but also mailing lists dedicated to comments. The lists managed by W3C can be found here: http://lists.w3.org/. In addition, contacts are always given for editors, chairs and W3C staff, to ease direct exchange.

But. If you wish to contribute, it means that you have to solve another bigger problem. It means that you have to be able to identify that something is going on in W3C, expecting your review, expertise and nasty comments.

For individuals belonging to W3C member companies, that is relatively easy. Members are represented by Advisory Committee representatives. All AC reps gather twice a year, in nice places, where the W3C staff share both status and hugs. The meeting content is tailor-made for members, with overviews, and focus on specific topics. And this is usually ok. So, if the AC rep attends that meeting, if the AC rep reports to his team(s), that is the perfect situation. But if not…

For non-W3C members, curious individuals, start-ups and geeks, this is another story. They must monitor the W3C’s activities on their own. They can make sure they subscribe to the excellent newsletter that the W3C team issues on a weekly basis. Press, blog and actual publication or specification transitions are collected here: http://lists.w3.org/Archives/Public/public-w3c-digest/. They can visit all the working groups' blogs, wikis and GitHub repositories, praying that they are maintained. They can also subscribe to the public mailing lists and read (thousands of emails). If they have time. But who has that time?

I am paid to be an AC rep, I love W3C, and as chair I am trying as much as possible to spread the word to the public. I am also reporting inside my company, making status updates, consolidating information I grab from different media, creating dashboards, explaining trends, mentioning implementations… This takes time. This costs money to small companies.

This is why I think it would be worth having nice, structured dashboards for each domain handled by W3C, made available to anyone: contributors, developers, but also decision makers. They would give a global view of what is going on in W3C and what the current priorities are. Something like the one for the mobile area here: http://www.w3.org/Mobile/mobile-web-app-state/ but for all the domains.

I know. This is easy to ask, less easy to deploy. But I’d be happy to help, to make sure all the potential contributors can actually be aware of what is going on in the W3C kitchen.

[1] initial conversation about contribution blockers in W3C : https://twitter.com/annevk/status/444069161321242624
Note : photo credit: Jodaur via photopin cc

Web Security : a snapshot from W3C

For the past few months the web has been in the headlines for bad reasons (but also for good reasons, such as its 25th anniversary). The bad side, pointed out on a regular basis, concerns broken servers, denial of service attacks, leaking connected apps, massive internet monitoring… Everyone is wondering: what are we doing so wrong? Well. First, people have to eat, so business does go on. But once given food, and this is the good news, people are talking about security problems. Realizing they must change something. Alone. Together. Against. But they must move. And organizations such as the W3C are fostering those discussions. People exchange views, make alliances, start thinking about solutions. After all, this is what standardization bodies like the W3C are made for: finding collective solutions, serving both business and social interests. Let me share with you a few interesting evolutions:

* Strong web apps, strong internet

Prior to the last IETF meeting, the STRINT workshop took place, the tag line of which was ‘strengthening the internet against pervasive monitoring’. Attendees from both W3C and the IETF discussed how to bind the existing internet specs to make them stronger, but also discussed new features to think about, to avoid facing more governmental invasion in the internet flow. While waiting for the report, one can read the minutes.

W3C security roadmap needs you!

Two weeks ago, W3C held its yearly event, named TPAC, gathering most W3C Working Groups, all official W3C members and most of the W3C team. This impressive stack of geeks, combined with the fact that the venue was great and that lunches and dinners were also organized by W3C, led to an impressive density of interesting conversation. Having spied a lot, I am reporting here things related to security, which was one of my drivers to be there (in addition to friends, curiosity, and spending one week on the other side of the globe).

[ParisWeb] Security Take Away

ParisWeb is a French-European event gathering web developers motivated to do things right: quality, accessibility and standards. Last week the conference was held at Place de la Bourse, in downtown Paris. The conference is known to be terrific, as people share their experience, their good practice, their good feelings. Every talk is an opportunity to learn something and meet smart people. Here is a first post, reporting the security conversation that happened in Palais Brongniart.

OWASP in Paris: Diving in Firefox OS Security!

You might have heard about it: a new mobile operating system was announced a few months ago, Firefox OS, by Mozilla. This mixing of a browser product with the word ‘OS’ is not a typo. It is a new type of operating system, web based, which will get rid of the open-but-proprietary mobile operating systems. On a web-based operating system, web apps will be the applications bringing services to the user. And Mozilla is offering to have HTML5/CSS3 web apps running on their Firefox OS, together with special APIs, named Web APIs, that will enable some mobile-phone related features, such as access to phone calls, SMS, and a few other nice things.

So, yes, Firefox OS has landed in the mobile area… and its security challenges too. Imagine: a web engine, on which you execute applications, based on the web security model, whose main security constraint is the same-origin policy (any resource used by a web app must be from the same origin). If the ambition is really to port any kind of service to the web, including the highly sensitive ones, this requires more constraints on the application and execution model. And this is what Mozilla has been integrating in their OS design and application deployment scheme. This is the nice story that Paul Theriault @creativemisuse, Mozilla Corporation, came to tell in the Mozilla Paris offices this week, during a meeting organized by the OWASP French Chapter. Here are the basics to remember about the Firefox OS security model:

– There will be several categories of web app: normal web apps, privileged web apps, certified web apps.

– Normal web apps are the ones with the lowest rights; they can *only* use HTML5 and CSS3.

– Privileged and certified web apps access the Web APIs, and are subject to user permissions. The user will have to grant access when the web app actually accesses those APIs.

– Certified web apps will be the ones accessing sensitive Web APIs, related to the mobile phone system. At the moment, certified apps are only developed by Mozilla and built into the mobile device before it goes into the field. The APIs reserved in this way are the ones related to TCP socket, mobile network, system XHR, alarms…

– Each web app will have dedicated cache and cookies memory.

– Web apps and the browser will run in a separate thread, which preserves the permissions and isolation during execution.
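The tiering above can be checked mechanically from an app manifest. The following is an added example, not Mozilla's code or anything shown in the talk: it assumes the Firefox OS manifest fields `type` and `permissions`, and the set of certified-only permission keys is an assumption transcribed from the list above rather than Mozilla's authoritative permission table; `auditManifest` and the sample manifests are hypothetical.

```javascript
"use strict";

// Manifest "type" values, ordered from least to most trusted.
const TIERS = ["web", "privileged", "certified"];

// Assumption: Web APIs the summary above lists as reserved for certified apps,
// written as manifest permission keys. Not Mozilla's authoritative table.
const CERTIFIED_ONLY = new Set(["tcp-socket", "mobilenetwork", "systemXHR", "alarms"]);

// Tier a permission requires under the model above: any Web API needs at
// least a privileged app; the reserved ones need a certified app.
function requiredTier(permission) {
  return CERTIFIED_ONLY.has(permission) ? "certified" : "privileged";
}

// Hypothetical helper: compare the tier an app declares with what it requests.
function auditManifest(manifest) {
  const declared = manifest.type || "web"; // no "type" means a normal web app
  const findings = [];
  if (!TIERS.includes(declared)) {
    findings.push(`unknown app type "${declared}"`);
  }
  let needed = "web";
  for (const [name, spec] of Object.entries(manifest.permissions || {})) {
    const tier = requiredTier(name);
    if (TIERS.indexOf(tier) > TIERS.indexOf(needed)) needed = tier;
    if (TIERS.indexOf(tier) > TIERS.indexOf(declared)) {
      findings.push(`${name}: needs a ${tier} app, manifest declares ${declared}`);
    }
    if (!spec || !spec.description) {
      findings.push(`${name}: no description stating why the app needs it`);
    }
  }
  return { declared, needed, findings };
}

// Constructed sample manifests (not taken from any real app).
const overreaching = {
  name: "Sample chat",
  type: "privileged",
  permissions: {
    contacts: { description: "Pick a contact to message" },
    "tcp-socket": {},
  },
};
const plain = { name: "Sample page" };

console.log(auditManifest(overreaching));
console.log(auditManifest(plain));
```
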

A video is available there, and will definitely help you better understand the main challenges that Mozilla is facing with their crazy idea of putting the web on a mobile.

And, as all the activities of Mozilla are public and open to contributors, the ones interested in security aspects can stay tuned on https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security

UnionWeb, a small federation that could well become a big one!

This week, a small event took place in Paris. A small event that could well be the start of something big. UnionWeb was launched. UnionWeb is a very young federation that aims to bring together the players of the web, whatever their status: individuals, sole proprietors (auto-entrepreneurs), employees, SMEs, associations, schools, legal entities or natural persons. Anyone can become a member and benefit from the positive energy that comes out of this initiative.

Web players are legion today. They form a fragmented whole, gathered into currents with distinct objectives. These currents drive, in different ways, economic life and the debates around digital matters in France. The traditional ones: Syntec Numérique brings together digital companies and also includes a Femmes du Numérique branch [1]; the Conseil National du Numérique, made up of members appointed by the government, advises on digital strategy [2]. The somewhat innovative forms: the Fing (Fédération Internet Nouvelle Génération), which supports cross-cutting initiatives on innovation with public and private players [3]. The associations: Netexplo, a key player in observing the impact of the web on our societies, backed by the large CAC 40 groups [4]; Social Media Club, which federates players interested in social networks and digital strategies, with offices in Paris, Marseille, Lille and Rennes [5]; and GirlZinWeb, which supports and promotes female entrepreneurship [6].

Cities also have their own dynamics, with one-off events such as startup weekends, hackathons or barcamps. There are also several conferences that address web issues in general, such as Web In Lorient, Paris Web, Sud Web, Web2Day in Nantes, web-5 in Bézier, Futur En Seine in Paris… Digital innovation often concentrates around places such as incubators or co-working spaces (Silicon Sentier and the network of cantines). Moreover, this map will shift again when the Quartiers Numériques initiative launched by Fleur Pellerin is rolled out in Paris.

A solid, distributed network. One of UnionWeb's challenges will be to build a solid network distributed across French territory. All these private and public initiatives today create innovation, value, and formal and informal networks. However, this is not enough. The digital economy will account for a significant share of our wealth tomorrow, which is why we must prepare and organize. A federation is an excellent way to strengthen a rich and innovative network of individuals, on the basis of values of sharing and solidarity. For that is how Magali Boisseau and Marie Laure Vie present UnionWeb at the launch evening that took place on 12 June. UnionWeb's purpose is to bring members together, help them build their skills, support them in their projects and pool individuals' networks. The first actions offered will be meetings made up of lightning talks and practical workshops. Sharing through e-learning is also part of the plan, to take into account the distribution of members across the whole territory. UnionWeb's programme of actions will probably evolve, since the federation is in a recruitment period, but the proposal is already interesting.

Let us hope that this initiative takes hold in our country and leads to great encounters!

To learn more about UnionWeb:

– Launch evening: video, storify, slides, community

– Interview with Magali Boisseau on Good Morning Business

– Find UnionWeb: website and Twitter @UnionWeb

Linkography:

[1] Syntec Numérique: website and Twitter @syntecnumerique

[2] Conseil National du Numérique: website and Twitter @CNNum

[3] Fing: website and Twitter @La_Fing

[4] Netexplo: website and Twitter @Netexplo

[5] Social Media Club: website and Twitter @SMCFrance

[6] GirlZinWeb: website and Twitter @GirlZinWeb