The new type of verifiable identifier doesn’t require a centralized registry and it will enable individuals and organizations to take better control of their online information while providing greater security and privacy, according to W3C. 

Users will be able to take email addresses and social network addresses along with them whenever they want to switch between service providers, and this information can last for as long as their controller wants to continue using them in a similar way to how some individuals can take their mobile number with them when switching carriers.

DIDs also enable the controller to verify ownership of the DID using cryptography, allowing for more trustworthy transactions online. 

“Fundamentally, Decentralized Identifiers are a new type of globally unambiguous identifier that can be used to identify any subject (e.g., a person, an organization, a device, a product, a location, even an abstract entity or a concept). Each DID resolves to a DID document that contains the cryptographic material and other metadata for controlling the DID,” W3C wrote in a blog post.

The foundational pillars of DIDs are:

1. They do not require a central issuing agency and are decentralized
2. They do not require the continued operation of an underlying organization (persistent)
3. Control of DIDs, and the information they are associated with, can be proven cryptographically
4. DID metadata can be discovered 

The post W3C announced Decentralized Identifiers (DIDs) v1.0 as official web standard appeared first on SD Times.

Apple, Google, Microsoft, and Mozilla are among the first to initiate this group, but the WebExtensions Community Group also welcomes other browser vendors and extension developers to join. 

“With multiple browsers adopting a broadly compatible model for extensions in the last few years, the WECG is excited to explore how browser vendors and other interested parties can work together to advance a common browser extension platform,” the W3C team wrote in a post. 

The goal of WECG is to come up with a common vision for extensions and work on standardization. 

More specifically, it hopes to make it easier to develop extensions by providing a consistent model and common set of functionality, APIs, and permissions. It also plans to outline an architecture that improves performance, is more secure, and is more resistant to abuse. 

According to the W3C team, the WECG’s work will be driven by a set of HTML and W3C TAG principles: user-centered, compatibility, performance, security, privacy, portability, maintainability, and well-defined behavior. 

It will use the existing extensions model and APIs currently supported by Chrome, Edge, Firefox, and Safari as a starting point. 

The W3C team also clarified that it does not want to come up with a specification for every aspect of the web extensions platform. “We want browsers to keep innovating and shipping APIs that may serve as the basis for further improvement of the web extensions platform.

In addition, we don’t plan to specify, standardize or coordinate around extension signing or delivery. Each browser vendor will continue to operate their extension store fully independently, with their own technical, review, and editorial policies,” the W3C team wrote. 

The post Apple, Google, Microsoft, Mozilla form WebExtensions Community Group appeared first on SD Times.

“Today’s landmark achievement is timely. Faced with a global pandemic of the COVID-19 coronavirus, the world has gone more and more virtual. It makes the Web even more crucial to society in information sharing, real-time communications, and entertainment,” said Jeff Jaffe, W3C CEO. “It is gratifying to see our technologies playing a key role in enabling such critical digital infrastructure. Combining the universal reach of the Web with the richness of live audio & video conversations has reshaped how the world communicates.”

RELATED CONTENT:
WebRTC: The road to standardization
WFH reveals an ‘I’ in team

WebRTC provides a JavaScript API for web real-time communications and a suite of communication protocols. It eliminates the need to install plugins or download additional applications for audio/video communication. Google first brought up the idea to create WebRTC in 2009 as an alternative to Adobe Flash and apps that didn’t work in the browser. “The previous generation of browser-based products were built on top of licensed proprietary technology. Various products were built with this technology, including Hangouts. Google then acquired the companies it had been licensing the technology from and made it available as the open source WebRTC project,” Huib Kleinhout, product manager at Google, wrote in a post. From there, the standardization of WebRTC kicked off with other industry leaders including Mozilla, Microsoft, Cisco and Ericsson collaborating on it.

The organizations see the WebRTC framework being used to provide tele-education, tele-health, entertainment, gaming, professional and workforce collaboration solutions.

Beyond video conferences and collaboration systems in the web browser, the W3C WebRTC working group is working on providing end-to-end encryption for server-mediated videoconferencing; live video processing of audio and video feeds; and Internet of Things use cases. The W3C is also working on WebTransport and Web Codec to bring low-latency streaming to the broader media and entertainment ecosystem.

The IETF on WebTransport and Ingest Signaling over HTTPS working groups are currently working on new protocols to support the WebTransport API, and HTTPBIS for WebRTC-based audiovisual sessions between broadcasting tools and networks.

“Voice and video over IP revolutionized the way that people communicate around the world,” said IETF Chair Alissa Cooper. “Integrating these technologies into the Web platform has dramatically expanded their reach. Thanks to close collaboration between the IETF and W3C to standardize these technologies. WebRTC has enabled billions of people to connect and engage with each other during the COVID-19 pandemic, regardless of device or geography.”

The post The W3C and IETF make WebRTC an official standard appeared first on SD Times.

RELATED CONTENT: Getting started on the accessibility track

“The web is the ultimate equalizer. If you have access to an Internet connection you have access to essentially unlimited knowledge at your fingertips, no matter who you are or where in the world you may be from. Unfortunately, this is not actually true for folks that need assistance to access the Internet. While accessibility standards have been around for some time it hasn’t been until recently that accessibility has become a focus for websites and applications,” said Carl Bergenhem, product manager for Kendo UI at Progress.

Additionally, it’s hard to build something that developers don’t understand, it takes a lot of work to maintain, and a majority of developers’ clients aren’t necessarily going to be affected by a disability, Bergenhem explained. “Developers are struggling with implementing accessibility compliance because application requirements are becoming more complex while deadlines stay the same or get even tighter. Ensuring accessibility compliance takes time and dedication. Unfortunately as projects fall behind and deadlines loom, accessibility is one of the first things to go,” he said. 

The Progress Web Accessibility Guidebook for Developers is designed to make web accessibility as much as a priority as any feature or bug fix. The guidebook covers why accessibility is important, current legislation that is working to make accessibility a mandatory feature, types of disabilities and accessibility best practices, and an introduction to assistive technology. 

The guide also provides best practices on how organizations can ensure its developers understand web accessibility through education, documentation, usability and accessibility. 

According to the W3C, when websites, mobile apps, technologies and tools are not designed to for people impacted by a disability, they create barriers and exclude people from accessing the web. 

“The Web must be accessible to provide equal access and equal opportunity to people with diverse abilities. Indeed, the UN Convention on the Rights of Persons with Disabilities recognizes access to information and communications technologies, including the Web, as a basic human right,” according to the W3C’s website. 

The latest version of W3C’s Web Content Accessibility Guidelines adds new criteria for low-vision requirements and improves guidelines around cognitive, language and learning disabilities. It also goes over four principles of accessibility: perceivable, operable, understandable, and robust. 

“While it is nice to read over and discuss the standards and how to follow them, we cannot improve our knowledge around accessibility without actually attempting to implement it. Learning by doing is the only true way to improve. So, attempting to follow accessibility standards, testing the result to see what feedback is provided, and implement the suggested improvements will help any developer become more familiar with accessibility,” said Bergenhem.

Other resources developers can access on web accessibility include:

• Understanding the Web Content Accessibility Guidelines by Mozilla
• A free web accessibility course by Google 
• And We have web accessibility in mind, an organization dedicated to providing education to developers and businesses. 

The post Progress releases Web Accessibility Guidebook for developers appeared first on SD Times.

As a result, the groups are signing a Memorandum of Understanding, handing most of the developing power to WHATWG and putting W3C in the roll of providing input and endorsements.

According to the agreement, WHATWG will maintain the HTML and DOM Living Standards, while W3C will facilitate community work directly in the WHATWG repositories.

In addition W3C is ending its publishing of its designated list of specifications and will work to take WHATWG Review Drafts to W3C Recommendations.

The organizations worked together for a number of years after WHATWG’s formation in 2004. However, the schism in HTML specifications grew in 2011 when “the W3C wanted to publish a ‘finished’ version of HTML5, while the WHATWG wanted to continue working on a Living Standard for HTML, continuously maintaining the specification rather than freezing it in a state with known problems, and adding new features as needed to evolve the platform,” as stated in the WHATWG HTML standard.

The post W3C and WHATWG to collaborate on single HTML and DOM specifications appeared first on SD Times.

“Today we use our digital identity at work, at home, and across every app, service, and device we engage with. It’s made up of everything we say, do, and experience in our lives—purchasing tickets for an event, checking into a hotel, or even ordering lunch. Currently, our identity and all our digital interactions are owned and controlled by other parties, some of whom we aren’t even aware of,” the company wrote in a white paper.

According to the company, a standards-based decentralized identity system can enable users to take control of their data, provide a digital hub to store and access their digital identities, and provide stronger trust and security across apps, devices and service providers.

Microsoft has been working on this solution for the past 18 months, using technologies like blockchain and distributed ledgers.

For users, Microsoft explained the benefits will include ability to own and control digital identity, provide secure experiences and enable user-centric apps and services. For developers, the solution will enable them to provide personalized experiences, better respect privacy, and promote a new kind of marketplace “where creators and consumers exchange directly.” Organizations will be able to utilize the solution to minimize privacy and security risks, provide a unified data protocol, and improve transparency and auditability.

“To achieve this vision, we need to augment existing cloud identity systems with one that individuals, organizations, and devices can own so they can control their digital identity and data. This self-owned identity must seamlessly integrate into our daily lives, providing complete control over what we share and with whom we share it, and—when necessary—provide the ability to take it back. Instead of granting broad consent to countless apps and services and spreading their identity data across numerous providers, individuals need a secure, encrypted digital hub where they can store their identity data and easily control access to it,” Microsoft wrote.

As part of the company’s partnership with DID and W3C, it will provide a open-source DID implementation that will “establish a unified, interoperable ecosystem that developers and businesses can rely on to build a new wave of products, applications, and services that put users in control.”

The post Microsoft partners with DIF and W3C on Decentralized Identity appeared first on SD Times.

“I’ve always believed the web is for everyone. That’s why I and others fight fiercely to protect it. The changes we’ve managed to bring have created a better and more connected world. But for all the good we’ve achieved, the web has evolved into an engine of inequity and division; swayed by powerful forces who use it for their own agendas,” Berners-Lee wrote in a post.

Over the past few years, Berners-Lee has worked with researchers at MIT to develop Solid, which is an open-source project that aims to restore power and agency on the web to individuals. Berners-Lee first revealed he was working on the project in July in an interview with Vanity Fair.

In the current model of the web, users submit their personal data to giant companies in exchange for a perceived value, he explained. Solid will give “every one of us complete control over data, personal or not, in a revolutionary way,” he said.

Other projects focused on decentralizing the web include Changefly, created by Lucas Dickie, and Mozilla’s dweb.

Solid is built using the existing web and gives users a choice over where data is stored, what people or groups can access certain elements of it, and which apps you use. It will enable users to link and share data with anyone. It will also allow users to look at the same data in different apps at the same time.

“Solid unleashes incredible opportunities for creativity, problem-solving and commerce. It will empower individuals, developers and businesses with entirely new ways to conceive, build and find innovative, trusted and beneficial applications and services. I see multiple market possibilities, including Solid apps and Solid data storage,” said Berners-Lee.

The open-source project is guided by the principle of “personal empowerment through data,” which Berners-Lee believes is crucial to the success of the next era of the web.

Berners-Lee remarked in 2009 that “the web as I envisaged it we have not seen yet.” He said this because at that point, people were primarily using the web for documents, and though it has evolved and seen more open data, we have not yet seen read-write data, which Solid will enable.

In order to realize his vision of Solid, Berners-Lee will be taking sabbatical from MIT, reducing his day-to-day involvements with the W3C, and has founded a company called inrupt. Inrupt will lay the infrastructure that will allow Solid to thrive. Inrupt’s missions is “to provide commercial energy and an ecosystem to help protect the integrity and quality of the new web built on Solid.”

“Together, Solid and inrupt will provide new experiences benefitting every web user — and that are impossible on the web today,” said Berners-Lee. “Where individuals, developers and businesses create and find innovative, life- and business-enriching, applications and services. Where we all find trusted services for storing, securing and managing personal data. I’m incredibly optimistic for this next era of the web.”

The post Tim Berners-Lee announces new project for users to take back control of the web appeared first on SD Times.

“W3C XML, the Extensible Markup Language, is one of the world’s most widely-used formats for representing and exchanging information. The final XML stack is more powerful and easier to work with than many people know, especially for people who might not have used XML since its early days,” Liam Quin,XML activity lead who recently announced he would be be leaving W3C after almost 17 years working with XML, wrote in a post.

XML 1.0 was first published as a W3C recommendation on Feb. 10, 1998, as a way to tackle large-scale electronic publishing problems. Today, it is a markup language used to define rules for encoding documents that are both human and machine-readable.

According to Alexander Falk, president and CEO of the software development company Altova, the evolution and success of XML has been widely misunderstood. “Today, much of what we take for granted – and sometimes don’t even think of as being related to XML anymore – is, in fact, based on XML. Every Word document, Excel spreadsheet, and PowerPoint presentation is stored in OOXML (Open Office XML) format. Every time you e-file your taxes in the U.S. (and any many other jurisdictions), the information is sent from your tax software provider to the government in XML format. Every time a public company provides its quarterly and annual financial reports to the SEC, the data is transmitted in XBRL (an XML format). Every time you talk to your Alexa device, you’re interacting with an app that uses SSML (Speech Synthesis Markup Language, an XML format). And the list goes on and on,” Falk wrote in an email to SD Times.

According to W3C’s Quin, XML can work with JSON, linked data, documents, large databases, the Internet of Things, automobiles, aircrafts and even music players. “There are even XML shoes. It’s everywhere,” he said.

But, how did we get here? The W3C created the Web Standard Generalized Markup Language (SGML) Working Group to create an SGML specification to be shared and displayed on the web and within browser plug-ins. While XML is very similar to HTML, the W3C explained the intent was not to replace HTML. XML is designed to carry data; HTML is designed to display data. XML tags are not predefined and HTML tags are, so there are still many differences among the two.

At the time the Web SGML Working Group was working on the SGML specification, there were two plug-ins: Panorama from SoftQuad and EBT/Inso, which was never released. The W3C realized the need for a standard because it was clear that it would be too complex to develop a SGML document that would support both plug-ins. “XML has some redundancy in its syntax. We knew from experience with SGML that documents are generally hard to test, unlike program data, and the redundancy helped to catch errors early and could save up to 80 [percent] of support costs (we measured it at SoftQuad). The redundancy, combined with grammar-based checking using schemas of various sorts, helped to improve the reliability of XML systems. And the built-in support for multilingual documents with xml:lang was a first, and an enduring success,” wrote Quin.

Today, Quin believes most of the work with XML is finished. “People are using the specifications in production and the rate of errata has slowed to a crawl,” he explained.

However, the end of the W3C’s specification does not mean XML is ending, it simply means it has reached a mature stage where it is widely deployed, according to Quin. “People aren’t reporting many new problems because the problems have already been worked out,” Quin wrote.

Altova’s Falk believes the future of XML looks bright. “As it gets even more ubiquitous, it will be easier for people to forget that much of the data that flows between different systems is based on XML, but that doesn’t mean it is becoming less important,” wrote Falk. “As the core of XML has matured and been refined over the years, we’ve seen a whole range of supporting standards emerge that help process, structure, transform, query, and format XML data – all coming together to establish a rich infrastructure of related technologies, including XML Schema, XSLT, XSL-FO, XPath, XQuery, XBRL, etc., that enable standards-based information processing that spans operating systems, platforms, and software products.”

“But for the most part, it’s time to sit back and enjoy the ability to represent information, process it, interchange it, with robustness and efficiency. There’s lots of opportunities to explore in making good, sensible use of XML technologies,” Quin added.

The post <span class="sdt-premium">premium</span> W3C: XML is everywhere appeared first on SD Times.

The Candidate Recommendation stage is a product of the Web Authentication Working Group, which is comprised of more than 30 member organizations including Google, Apple, Intel and IBM.

WebAuthn is a web API standard that provides users with new methods to securely authenticate on the web, in browsers, and across sites and devices. The standard was developed based on Web API specifications that were submitted by FIDO. It is a core component of the FIDO2 Project and FIDO’s Client to Authenticator Protocol (CTAP) specification, which allows external authenticators to relay authentication credentials locally via USB, bluetooth, or NFC to a user’s device, such as a PC or mobile phone.

With the new specification, users will be able to log in using a single gesture, removing some of the complexity that is currently associated with authentication processes. According to FIDO, the standards strengthens FIDO Authentication and removes the need to rely on password. In addition, it provides the advantage of having credentials stay on the device instead of being stored in a server somewhere. It also helps prevent against attacks that rely on stolen passwords, such as phishing, man-in-the-middle, and replay attacks.

“Security on the web has long been a problem which has interfered with the many positive contributions the web makes to society. While there are many web security problems and we can’t fix them all, relying on passwords is one of the weakest links. With WebAuthn’s multi-factor solutions we are eliminating this weak link,” said Jeff Jaffe, CEO of W3C. “WebAuthn will change the way that people access the web.”

Google, Microsoft, and Mozilla have already committed to supporting WebAuthn in their browsers and have started implementations in Windows, Mac, Linux, Chrome OS, and Android platforms.

FIDO will also be launching a Universal Server certification that will work will all FIDO authenticator types, including FIDO UAF, FIDO U2F, WebAuthn, and CTAP.

“With the new FIDO2 specifications and leading web browser support announced today, we are taking a big step forward towards making FIDO Authentication ubiquitous across all platforms and devices,” said Brett McDowell, executive director of the FIDO Alliance. “After years of increasingly severe data breaches and password credential theft, now is the time for service providers to end their dependency on vulnerable passwords and one-time-passcodes and adopt phishing-resistant FIDO Authentication for all websites and applications.”

The post FIDO Alliance and W3C announce stronger web authentication standard appeared first on SD Times.

Capital One began its journey creating its digital accessibility team in 2010 with the goal of establishing accessibility as a fundamental part of its digital delivery and providing all customers with equal access to its website and apps. Over the years, the company has expanded its digital accessibility team from one to 12, some of whom face their own digital accessibility challenges.

While Capital One has placed considerable emphasis on building accessibility into its products among developers and designers, there are also efforts at the business level to educate business leaders and lines of business as well as to provide them with self-service tools.

Without organizational involvement and the proper investments, web accessibility programs can fall short of expectations, or worse.

Why accessibility is such a big issue
According to the World Health Organization (WHO), approximately 15 percent of the world’s population lives with some sort of disability. Granted, 15 percent of any population is a minority, but when it comes to serving disabled individuals, a plain old cost-benefit analysis is inadequate. Businesses must also weigh the risks, which include possible regulatory and legal action, lost customers and damage to reputation. They should also consider the opportunities, some of which may not be apparent.

A larger problem is the general lack of awareness about web accessibility and its importance. Understandably, those who lack disabilities tend to think about them, in very simple terms, when the topic is actually complex. For example, blindness and deafness are pretty obvious, but there are many types of physical, cognitive and other types of disabilities.

Moreover, even within a single category, there tends to be a range of disabilities. For example, not everyone with auditory disabilities is deaf. They could be hard of hearing or they may have trouble processing auditory input.

“Many times, engineering and design groups don’t know exactly what digital accessibility means. Or, if they do have some awareness of what it is, they aren’t always sure how to actually implement it effectively.  That’s probably the biggest challenge,” said Mark Penicook, senior manager of accessibility at Capital One.

Where to start
If your team hasn’t started thinking about web accessibility and how that impacts your products and your customers, the time to start thinking about it (and doing something about it) is now. However, it isn’t necessarily obvious how or where such efforts should begin.

Capital One follows the World Wide Web Consortium (W3C) Web Content Accessibility Guidelines (WCAG 2.0), which address a plethora of accessibility issues for web and mobile applications through the Web Accessibility Initiative (WAI). More broadly, the W3C develops standards for the web, including industries converging on the web such as digital publishing, TV and broadcasting, web payments, automotive and internet of things, as well as aspects such as privacy, security and internationalization.

“We preview all of the W3C standards during development to make sure they can support the accessibility needs of any user. If there’s an issue, we talk with working groups to address barriers and advance accessibility opportunities in that standard,” said Judy Brewer, director of the W3C’s Web Accessibility Initiative. “Additionally we develop specifications that are specific to accessibility, such as Accessible Rich Internet Applications (ARIA).”

The W3C’s Web Accessibility Initiative is updating its guidelines to increase coverage of cognitive disabilities and low vision disabilities, and placing additional emphasis on mobile.

Brewer also notes the business advantage of using tools that support the Authoring Tool Accessibility Guidelines (ATAG) 2.0.

“[We have standards for] anything that can better support the more efficient production of accessible content is important, including HTML editors and WYSIWYG authoring tools, content management systems, social media, media editors and graphics editors,” said Brewer. “Businesses can more efficiently address accessibility by building it into the authoring tools that they’re using.”

The W3C WAI is also underscoring the importance of improving resources for testing, since testing website and mobile app accessibility is more difficult than testing and validating HTML, for example. The latter can be done automatically; however, the former requires a mix of automated, semi-automated and expert testing.

In addition, the W3C is coordinating with some research and development organizations and actively promoting standards harmonization so it’s easier for companies to implement accessibility.

Capital One’s four-prong approach
As the Capital One digital accessibility team has grown from one to a team of 12 employees and consultants, it has formalized an approach to ensure that web accessibility is implemented well across the organization.

“We spent a lot of time and effort looking at the way we can move accessibility further up the chain in the software development lifecycle to help our engineers, designers and product owners who are working on all of our digital properties,” said Penicook. “Number one is they have to know about accessibility, so we want to make sure that everyone’s aware of and understands our corporate standard so they can execute against that.”

Importantly, Capital One’s accessibility group is proactively addressing four issues simultaneously:

1. Ensuring accessibility is built into the pipeline
2. Continually monitoring and testing what’s in production
3. Providing self-service digital accessibility training and testing tools
4. Marketing the digital accessibility “brand,” so other parts of the organization understand what Penicook’s team does and how to find it

“There was a time when we had to do all of the testing, all of the consulting and make all of the recommendations,” said Penicook. “Self-service is about continuing this journey to enable others to be able to take on some of the responsibilities our team has been providing in the past.”

The internal efforts are complemented with external efforts that keep the group involved in the accessibility community, via conferences and websites.

“We would love it if every company made their websites and mobile applications fantastically accessible everywhere,” said Penicook. “We’re not doing this to compete more effectively against another bank or credit card company. It’s just the right thing to do.”

Implementation changes
Constantly ensuring and improving digital accessibility is a complex task, particularly given the range of assistive features that need to be provided to ensure that whatever disability a person may have does not go overlooked or is not underserved.

“Ensuring accessibility throughout the SDLC can be challenging because you need to make sure accessibility is integrated into what you’re building and that it stays integrated,” said Penicook. “When you have a small group like we do, you have to make sure that your accessibility knowledge and best practices get proliferated across work streams, lines of business and delivery channels.”

Another challenge is ensuring accessibility as technology and programming languages change.

“With all the operating systems and assistive technologies and the interplay of interactions of all of those things, practically speaking, each user has their own tech stack,” said Penicook. “There are a lot of constantly-evolving considerations that have to be made and at the same time, we’re facing pressures to release products, services, updates and functionality as rapidly as possible.”

Precious time can be saved when accessibility is addressed throughout the SDLC, starting very early in the SDLC. It’s also important that engineering, risk compliance and legal are aware of what accessibility is, why it’s important and what their specific role is in relation to it.

Think creatively
Penicook’s group has put effort into addressing temporary disabilities along with permanent ones, which is an easy point to overlook. The team also considers combinations of disabilities.

“A lot of times we talk about temporary or situational circumstances. For example, what we do to help a person who may have lost the use of a limb also equates to someone whose broken arm is in a sling or is carrying a baby with one arm,” said Penicook. “We stress inclusive and universal design so that the things we do for accessibility can also be extrapolated into temporary situations or circumstances.”

Building an organizational process takes a lot of thought at a lot of levels and the requirements vary from jurisdiction to jurisdiction. The W3C has a policy reference page that provides the status of requirements in different locations, but increasingly finds that policies around the world are calling for use of W3C’s WCAG 2.0 as an internationally harmonized accessibility standard.

But before getting creative, make sure to get the basics right: understand accessibility, understand how it impacts customers, products and the business and develop a set of processes that ensure great digital experiences for all of your customers.

The post Web Accessibility: The effort at Capital One Bank appeared first on SD Times.