Share on FacebookTweet

The World Wide Web Consortium (W3C) Advisory Committee has elected the W3C Advisory Board

Starting from 1 July, the W3C Advisory Committee will fill the seven empty chairs of the W3C Advisory Board. The W3C Advisory Board (AB) provides ongoing guidance to the W3C team on issues of strategy, management, legal matters, process, and conflict resolution. New elected participants are: Elika J Etemad (W3C invited expert), Charles McCathie Nevile (ConsenSys), Avneesh Singh (DAISY Consortium), Eric Siow (Intel), Léonie Watson (TetraLogical), Chris Wilson (Google), and Hongru Judy Zhu (Alibaba), will join continuing participants Junichi Jay Kishigami (NTT), Florian Rivoal (W3C invited expert), Tzviya Siegman (Wiley) and David Singer (Apple). Read the full statement here

NIST publishes preliminary IoT cybersecurity practice guide

The National Institute of Standards and Technology (NIST) and its National Cybersecurity Center of Excellence (NCCoE) published draft guidelines titled ‘Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)’ for public consultation. The guide is intended for IoT device and gateway manufacturers, communications service providers, and users of IoT devices. The guide focuses, among others, on the role MUD can play in achieving network security. The MUD architecture was introduced last month by the Internet Engineering Task Force (IETF) and is designed to make sure IoT devices conduct themselves only as intended by their manufacturers. The deadline for public comments is June 24.

IETF introduces manufacturer usage descriptions to help secure IoT devices

The Internet Engineering Task Force (IETF) has introduced manufacturer usage descriptions (MUD) which provides the basic framework to allow manufacturers to provide policy that can be used to generate IP-based access lists. This feature will detect and possibly prevent Internet of things (IoT) devices to unrestrictedly access the network, but only allow them to connect to the dedicated services. MUD is realised as RFC 8520.

Automatic Certificate Management Environment (ACME) standard

On March 12, IETF issued a new RFC 8555 for the Automatic Certificate Management Environment. With this new standard, issuing of certifications for websites will be automated and with no human intervention. Previously this process was manual only. ACME will preserve the same level of protection and security. The first version of ACME was developed by the Let’s Encrypt certification authorities back in 2015. Since then many certificate authorities introduced this new standard.

Facebook and Google signed the ‘Contract for the Web’ proposed by Tim Berners-Lee.

Sir Tim Berners-Lee launched a call to sign the ‘Contract for the Web’.  The contract appeals to governments, companies, and ‘netizens’ to improve Internet accessibility, privacy, confidentiality of user data, and to keep the Internet free and safe by respecting ‘civil discourse and human dignity’. The document has been already signed by representatives of 60 companies, including Google, Facebook, and governments. In Berners-Lee’s opinion, today we need new ‘clear and strict’ standards for those players who have enough influence to make the Internet better. The standards proposed in the contract will be finalised after consultations with governments and companies.

The International Organization for Standardization (ISO) published an Internet of Things (IoT) Reference Architecture (IoT RA) standard

The International Organization for Standardization (ISO) published an Internet of Things (loT) Reference Architecture (IoT RA) standard. The standard regarding IoT and related technologies was published on 1 November 2018. The standard aims to provide the framework for designers and developers in the IoT field. The standard is developed under the technical committee information technology, and IoT development. Find out more about the standard here.

IETF approves new standards for authentication tokens

In a set of newly approved standards, Internet Engineering Task Force (IETF) approved new technique in protecting authentication tokens from replay attack. Authentication tokens are widely used on Internet. Instead of log in with your credential every time you access your favorite website, your browser shows the server your authentication token. Those tokens could be stolen and later misused in identity theft, or stealing information from services, without a need of knowing your passwords. This vulnerability is known as a ‘replay attack’. New standards propose the creation of pair of cryptographic keys to link personal device to authentication token. One key would be stored on personal device and second one would be public. In this way authentication tokens would correspond with the user device only, blocking the use from different device.

Set of standards included are: Request for Comments: 8471, (Token Binding Protocol), Request for Comments: 8472, and Request for Comments: 8473 (Token binding over HTTP)

Google announced the open governance model for its AMP format

After a great success of the Accelerated Mobile Pages (AMP), Google is decided to give away of control how code is behaving in the background. AMP format which Google developed in a open source manner with the contribution of Google employees and all of the community, enables the high speed access of the online content on mobile phones. Accelerated Mobile Pages (AMP) is widely used now, across the thousands of websites.

New emoji for persons with disabilities on the horizon

According to Ace Ratcliff at the Huffington Post, Disabled People (Might) Finally Get Emojis That Represent Us, changing a scenario that currently has only one of 2,666 emojis representing persons with disabilities. Apple recently unveiled a proposal to the Unicode Consortium, suggesting 13 new emoji developed in consultation with community organisations like the American Council of the Blind, the Cerebral Palsy Foundation, and the National Association of the Deaf.

                                                                                       13 new emoji proposed by Apple

                                                                                         13 new emoji proposed by Apple
                                                                                          Isabella Carapella/HuffPost/Apple

The author notes that the lack of emojis is just one way in which persons with disabilities are underrepresented in society, stating that 'Apple’s 13 proposed emojis may be what society needs to recognise that disability representation is sorely needed and long overdue'.

The World Wide Web Consortium invites for implementation of HTML 5.2

The World Wide Web Consortium's Platform Working Group invites for the implementations of HTML 5.2 Candidate Recommendation.This specification defines the 5th major version, second minor revision of the core language of the World Wide Web: the Hypertext Markup Language (HTML). It also calls for stronger implementation of the Encrypted Media Extensions recommendations made by W3C earlier in March 2017. These standards also might have implications for accessibility, particularly for persons with disabilities [link]

Share on FacebookTweet