Updates

Web standards

2019

The Internet Engineering Task Force (IETF) has introduced manufacturer usage descriptions (MUD) which provides the basic framework to allow manufacturers to provide policy that can be used to generate IP-based access lists. This feature will detect and possibly prevent Internet of things (IoT) devices to unrestrictedly access the network, but only allow them to connect to the dedicated services. MUD is realised as RFC 8520.

On March 12, IETF issued a new RFC 8555 for the Automatic Certificate Management Environment. With this new standard, issuing of certifications for websites will be automated and with no human intervention. Previously this process was manual only. ACME will preserve the same level of protection and security. The first version of ACME was developed by the Let’s Encrypt certification authorities back in 2015. Since then many certificate authorities introduced this new standard.

2018

Sir Tim Berners-Lee launched a call to sign the ‘Contract for the Web’.  The contract appeals to governments, companies, and ‘netizens’ to improve Internet accessibility, privacy, confidentiality of user data, and to keep the Internet free and safe by respecting ‘civil discourse and human dignity’. The document has been already signed by representatives of 60 companies, including Google, Facebook, and governments. In Berners-Lee’s opinion, today we need new ‘clear and strict’ standards for those players who have enough influence to make the Internet better. The standards proposed in the contract will be finalised after consultations with governments and companies.

The International Organization for Standardization (ISO) published an Internet of Things (loT) Reference Architecture (IoT RA) standard. The standard regarding IoT and related technologies was published on 1 November 2018. The standard aims to provide the framework for designers and developers in the IoT field. The standard is developed under the technical committee information technology, and IoT development. Find out more about the standard here.

In a set of newly approved standards, Internet Engineering Task Force (IETF) approved new technique in protecting authentication tokens from replay attack. Authentication tokens are widely used on Internet. Instead of log in with your credential every time you access your favorite website, your browser shows the server your authentication token. Those tokens could be stolen and later misused in identity theft, or stealing information from services, without a need of knowing your passwords. This vulnerability is known as a ‘replay attack’. New standards propose the creation of pair of cryptographic keys to link personal device to authentication token. One key would be stored on personal device and second one would be public. In this way authentication tokens would correspond with the user device only, blocking the use from different device.

Set of standards included are: Request for Comments: 8471, (Token Binding Protocol), Request for Comments: 8472, and Request for Comments: 8473 (Token binding over HTTP)

After a great success of the Accelerated Mobile Pages (AMP), Google is decided to give away of control how code is behaving in the background. AMP format which Google developed in a open source manner with the contribution of Google employees and all of the community, enables the high speed access of the online content on mobile phones. Accelerated Mobile Pages (AMP) is widely used now, across the thousands of websites.

Pages

 

The GIP Digital Watch observatory is provided by

 

 

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top