The National Institute of Standards and Technology (NIST) and its National Cybersecurity Center of Excellence (NCCoE) published draft guidelines titled ‘Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)’ for public consultation. The guide is intended for IoT device and gateway manufacturers, communications service providers, and users of IoT devices. The guide focuses, among other things, on the role MUD can play in achieving network security. The MUD architecture was introduced last month by the Internet Engineering Task Force (IETF) and is designed to make sure IoT devices behave only as intended by their manufacturers. The deadline for public comments is June 24.

The Internet Engineering Task Force (IETF) has introduced Manufacturer Usage Descriptions (MUD), which provide a basic framework that lets manufacturers publish policy from which IP-based access lists can be generated. This feature will detect and possibly prevent unrestricted network access by Internet of Things (IoT) devices, allowing them to connect only to their dedicated services. MUD is specified in RFC 8520.
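How a manufacturer's policy becomes an IP-based access list, as an added example that is not part of the original page or of any MUD implementation. The MUD file contents, host name, IP addresses and function names are constructed, and only IPv4/TCP entries with a DNS name and an exact port match are handled.

```javascript
// Constructed MUD file in the RFC 8520 JSON layout; device, URL and host are made up.
const MUD_FILE = {
  'ietf-mud:mud': {
    'mud-version': 1,
    'mud-url': 'https://iot.example.com/thermostat.json',
    'from-device-policy': { 'access-lists': { 'access-list': [{ name: 'from-dev' }] } },
    'to-device-policy': { 'access-lists': { 'access-list': [{ name: 'to-dev' }] } },
  },
  'ietf-access-control-list:acls': { acl: [
    { name: 'from-dev', type: 'ipv4-acl-type', aces: { ace: [{
      name: 'cloud-out',
      matches: {
        ipv4: { 'ietf-acldns:dst-dnsname': 'api.iot.example.com', protocol: 6 },
        tcp: { 'destination-port': { operator: 'eq', port: 443 } } },
      actions: { forwarding: 'accept' } }] } },
    { name: 'to-dev', type: 'ipv4-acl-type', aces: { ace: [{
      name: 'cloud-in',
      matches: {
        ipv4: { 'ietf-acldns:src-dnsname': 'api.iot.example.com', protocol: 6 },
        tcp: { 'source-port': { operator: 'eq', port: 443 } } },
      actions: { forwarding: 'accept' } }] } },
  ] },
};
// Constructed DNS answers; a real MUD manager resolves the names itself.
const DNS = { 'api.iot.example.com': ['203.0.113.10'] };

// Turn the manufacturer's policy into per-device allow rules (IPv4/TCP only).
function buildAccessList(mud, deviceIp, dns) {
  const acls = new Map(mud['ietf-access-control-list:acls'].acl.map(a => [a.name, a]));
  const rules = [];
  for (const [policy, dir] of [['from-device-policy', 'out'], ['to-device-policy', 'in']]) {
    const refs = mud['ietf-mud:mud'][policy]?.['access-lists']?.['access-list'] ?? [];
    for (const { name } of refs) for (const ace of acls.get(name)?.aces?.ace ?? []) {
      if (ace.actions?.forwarding !== 'accept') continue;
      const ip = ace.matches?.ipv4 ?? {}, tcp = ace.matches?.tcp ?? {};
      const host = ip[dir === 'out' ? 'ietf-acldns:dst-dnsname' : 'ietf-acldns:src-dnsname'];
      const pm = tcp[dir === 'out' ? 'destination-port' : 'source-port'];
      if (ip.protocol !== 6 || pm?.operator !== 'eq') continue; // unsupported match: no rule
      for (const peer of dns[host] ?? []) rules.push({ dir, deviceIp, peer, peerPort: pm.port });
    }
  }
  return rules; // traffic matching no rule is dropped (default deny)
}

// Check one TCP flow {dir, deviceIp, peer, peerPort} against the generated list.
function isAllowed(rules, f) {
  return rules.some(r => r.dir === f.dir && r.deviceIp === f.deviceIp &&
    r.peer === f.peer && r.peerPort === f.peerPort);
}
```

Entries the sketch cannot interpret produce no rule, so an unrecognised match type narrows what the device may reach rather than widening it.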

On March 12, the IETF issued a new standard, RFC 8555, for the Automatic Certificate Management Environment (ACME). With this new standard, the issuing of certificates for websites will be automated, with no human intervention. Previously this process was manual only. ACME will preserve the same level of protection and security. The first version of ACME was developed by the Let’s Encrypt certificate authority back in 2015. Since then, many certificate authorities have introduced this new standard.

Sir Tim Berners-Lee launched a call to sign the ‘Contract for the Web’. The contract appeals to governments, companies, and ‘netizens’ to improve Internet accessibility, privacy, and the confidentiality of user data, and to keep the Internet free and safe by respecting ‘civil discourse and human dignity’. The document has already been signed by representatives of 60 companies, including Google, Facebook, and governments. In Berners-Lee’s opinion, today we need new ‘clear and strict’ standards for those players who have enough influence to make the Internet better. The standards proposed in the contract will be finalised after consultations with governments and companies.

The International Organization for Standardization (ISO) published an Internet of Things (IoT) Reference Architecture (IoT RA) standard. The standard regarding IoT and related technologies was published on 1 November 2018. The standard aims to provide a framework for designers and developers in the IoT field. The standard was developed under the technical committee for information technology and IoT development.

In a set of newly approved standards, the Internet Engineering Task Force (IETF) approved a new technique for protecting authentication tokens from replay attacks. Authentication tokens are widely used on the Internet. Instead of logging in with your credentials every time you access your favourite website, your browser shows the server your authentication token. Those tokens could be stolen and later misused for identity theft or for stealing information from services, without the need to know your passwords. This vulnerability is known as a ‘replay attack’. The new standards propose creating a pair of cryptographic keys to link a personal device to its authentication token. One key would be stored on the personal device and the second one would be public. In this way, authentication tokens would correspond to the user’s device only, blocking their use from a different device.

The set of standards includes Request for Comments (RFC) 8471 (Token Binding Protocol), RFC 8472, and RFC 8473 (Token Binding over HTTP).
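The key-pair binding described above, as an added Node.js example that is not part of the original page and does not reproduce the RFC 8471 message format. All function names are hypothetical, the token format is made up, and random bytes stand in for the per-connection value that the real protocol takes from the TLS session.

```javascript
// Simplified sketch of binding a token to a device key (not the RFC 8471 wire format).
const nodeCrypto = require('node:crypto');
const SERVER_SECRET = nodeCrypto.randomBytes(32); // server-side MAC key for tokens

// Client: one key pair per device; the private key never leaves it.
function newDeviceKey() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return { privateKey, publicDer: publicKey.export({ type: 'spki', format: 'der' }) };
}

// Client: prove possession by signing a value unique to this connection.
function proveKey(device, connValue) {
  return nodeCrypto.sign('sha256', connValue, device.privateKey);
}

const sha256Hex = (buf) => nodeCrypto.createHash('sha256').update(buf).digest('hex');
const mac = (payload) =>
  nodeCrypto.createHmac('sha256', SERVER_SECRET).update(payload).digest('hex');

// Server: issue a token that carries a hash of the device's public key.
function issueToken(user, publicDer) {
  const payload = JSON.stringify({ user, keyId: sha256Hex(publicDer) });
  return { payload, tag: mac(payload) };
}

// Server: accept the token only with a fresh proof from the key it is bound to.
function checkRequest(token, publicDer, connValue, proof) {
  const expected = Buffer.from(mac(token.payload));
  const given = Buffer.from(String(token.tag));
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    return 'bad-token';
  }
  if (JSON.parse(token.payload).keyId !== sha256Hex(publicDer)) return 'wrong-key';
  const pub = nodeCrypto.createPublicKey({ key: publicDer, format: 'der', type: 'spki' });
  return nodeCrypto.verify('sha256', connValue, pub, proof) ? 'ok' : 'bad-proof';
}

// Constructed scenario: the owner's device, a copied token, and a replayed proof.
function demo() {
  const laptop = newDeviceKey(), other = newDeviceKey();
  const token = issueToken('alice', laptop.publicDer);
  const conn1 = nodeCrypto.randomBytes(32), conn2 = nodeCrypto.randomBytes(32);
  const proof1 = proveKey(laptop, conn1);
  return {
    owner: checkRequest(token, laptop.publicDer, conn1, proof1),
    copiedToken: checkRequest(token, other.publicDer, conn2, proveKey(other, conn2)),
    replayedProof: checkRequest(token, laptop.publicDer, conn2, proof1),
  };
}
```

The token alone is no longer sufficient: a copy presented with a different key is rejected, and a proof captured on one connection does not verify on another.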

Web standards are a set of formal standards and technical specifications for the world wide web. They ensure that content is accessible across devices and configurations, and therefore provide the core rules for developing websites.

The main content and applications standards include: HyperText Markup Language (HTML), a plain text language which makes use of tags to define the structure of the document; eXtensible Markup Language (XML), another type of language used for sharing structured information; Cascading Style Sheets (CSS), a language used in conjunction with HTML to control the presentation of web pages; and eXtensible HTML (XHTML), an extended version of HTML which uses stricter rules.


Web standards in context

By the late 1980s, the battle of network standards was over. TCP/IP gradually became the main network protocol, marginalising other standards. While the Internet facilitated normal communication between a variety of networks via TCP/IP (see Technical Standards), the system still lacked common applications standards.

A solution was developed by Tim Berners-Lee and his colleagues at CERN (the European Organization for Nuclear Research) in Geneva, consisting of a new standard for sharing information over the Internet, called HTML. Content displayed on the Internet first had to be organised according to HTML standards. HTML, as the basis of the World Wide Web, paved the way for the Internet’s exponential growth.

Since its first version, HTML has been constantly upgraded with new features. The growing relevance of the Internet has put the question of the standardisation of HTML into focus. This was particularly relevant during the Browser Wars between Netscape and Microsoft, when each company tried to strengthen its market position by influencing HTML standards. While basic HTML only handled text and photos, newer Internet applications required more sophisticated technologies for managing databases, video, and animation. Such a variety of applications required considerable standardisation efforts in order to ensure that Internet content could be properly viewed by the majority of Internet browsers.

Application standardisation entered a new phase with the emergence of XML, which provided greater flexibility in the setting of standards for Internet content. New sets of XML standards have also been introduced, such as the standard for the distribution of wireless content called Wireless Markup Language (WML).

Setting web standards

The main web standard-setting institution is the World Wide Web Consortium (W3C), headed by Tim Berners-Lee. Standards are developed through an elaborate process which aims to promote consensus, fairness, public accountability, and quality. At the end of the process, standards are published in the form of Recommendations.

When it comes to an open approach to standards development, W3C – in addition to other bodies such as the Institute of Electrical and Electronics Engineers (IEEE), the Internet Engineering Task Force (IETF), the Internet Architecture Board (IAB), and the Internet Society – subscribes to the Open Stand initiative, an affirmation of principles that encourages the development of open and global market-driven standards.

W3C standards define an open platform for the development of applications, which enables developers to build rich interactive experiences. W3C states that ‘although the boundaries of the platform continue to evolve, industry leaders speak nearly in unison about how HTML5 will be the cornerstone for this platform.’

It is interesting to note that in spite of its high relevance to the Internet, so far, the W3C has not attracted much attention in the debate on Internet governance.

Other institutions involved in standards include the European Computer Manufacturers Association (ECMA), an association of companies whose main role is to develop Standards and Technical Reports.

Possible gaps in dealing with web standards

As with technical standards, the possible gap in the development of web standards is related to the coverage of non-technical aspects (e.g. human rights, competition policy, and security). Web standards have an even stronger impact on these non-technical aspects since, more so than technical standards, they shape the ways in which the Internet is accessed and used.




