Photo by Denise Jans on Unsplash
Some of you may know that I host the 鈥淧rinciple Driven Leadership鈥?Podcast, so in a sense, I am in my element in this blog post because the essence of the podcast is how to lead through principles and the importance of providing vision in order to grow, resolve problems effectively and create durable results.
With that in mind, I am excited that the W3C Advisory Board has published as a W3C Statement the document Vision for W3C, which articulates W3C鈥檚 core vision for the web. W3C Statements provide a stable reference for documents that W3C Members formally endorse after review. 鈥淰ision for W3C鈥?defines the values of W3C鈥檚 mission as well as the shared principles that guide our decisions for the web, as new technologies enable new possibilities. I can not emphasize enough the importance of vision. Vision matters. It is my first core principle of leadership (the second and third being 鈥渓eaders resolve problems鈥?and 鈥渓eaders create more leaders鈥?, because vision drives impact.
Vision, paired with robust guiding principles, enables organizational alignment and begets positive outcomes. These key words describe a virtuous positive cycle: Clear vision and stated common outcomes (the 鈥渨hy鈥?, and refined principles that drive forward motion (the 鈥渉ow鈥?, create the alignment required for an organization to reach durable and sustainable success.
W3C鈥檚 vision provides our community that clarity: it is that the web is for all humanity, it is designed for the good of all people, it must be safe to use, and there is one interoperable world-wide web.
Our operational principles encompass user-first, multi-stakeholder, diversity, thorough review, consensus, royalty-free and voluntary implementation, open participation, transparency, interoperability, incubation, decentralization, and collaboration. These principles stake out the path towards the sustainable success of W3C.
Furthermore, the core sections on vision in 鈥淰ision for W3C鈥?and the aforementioned operational principles for W3C, are the drivers behind the Strategic Objectives and Initiatives that we developed and made public last month. Vision enables purposeful change, and 鈥淰ision for W3C鈥?is what underpins W3C鈥檚 mission. In all of our four strategic objectives, we will be centering our guiding star on the impact W3C has. That will ensure that we navigate challenges and opportunities in a way that fulfills our mission of making the web work, for everyone, by bringing together global stakeholders to develop open standards that enable a World Wide Web which connects and empowers humanity.
I want to thank and acknowledge the individuals and our collective community for bringing this foundational document to life. I see this as a key component of leading the World Wide Web Consortium.
Blog post illustration: Telescope, by Daniel Appelquist
Today, W3C is pleased to announce the publication as a W3C Statement of Vision for W3C. W3C Statements provide a stable reference for documents not intended to be formal standards but that have been formally reviewed and are endorsed by W3C.
Vision for W3C articulates the World Wide Web Consortium鈥檚 core vision and operational principles, with goals to:
- Help the world understand what W3C is, what it does, and why it matters
- Communicate shared values and principles of the W3C community
- Be opinionated enough to provide guidance and a framework for making decisions, particularly on controversial issues
- Be timeless enough to remain relevant without needing frequent revision, while being open to evolving based on the needs of the community
The World Wide Web Consortium, as a community leader in defining technical standards and guidelines for a World Wide Web that connects and empowers humanity, has a role to provide a neutral open forum where diverse voices from around the world work together by consensus. The web has had a tremendous impact on the world, and its impact will continue to grow in the future as it expands reach, knowledge, education, and services even more broadly.
Vision for W3C was produced by the W3C Advisory Board (AB) as a work item that it has been tracking as a priority since 2021, and builds on the W3C Technical Architecture Group鈥檚 excellent Ethical Web Principles, as it fits into the same framework and promotes many of the same goals. Where Ethical Web Principles focuses on the 鈥渨hat鈥?- what we produce - Vision for W3C focuses more on the 鈥渉ow鈥?- by writing down core operational principles. We are grateful to the AB Members, W3C Member representatives and W3C Team Members who joined them in the Vision Task Force, for shepherding this important work.
A few weeks ago we released to the public the initiatives for 2025-2028 that will support W3C鈥檚 strategic objectives. Both Vision for W3C and Ethical Web Principles provide the foundational basis upon which to envision how to exercise our social responsibilities through rigorous consideration of accessibility, internationalization, privacy, and security.
Written in the spirit of taking responsibility to address the impact of our work, Vision for W3C defines the values of W3C鈥檚 mission and the shared principles that guide our decisions as new technologies enable new actions and new possibilities. Vision for W3C allows us to take deliberate steps to address the many harmful unintended and undesirable consequences that arose from the web鈥檚 amazing success, and to continue to provide the consistent architecture that enables a World Wide Web that works, for everyone.
This week some W3C staff members, including myself, will contribute to a series of conversations about the future of identity on the web at the Global Digital Collaboration in Geneva. The timing is great from a W3C perspective because we have recently published multiple specifications that I believe will contribute to the next chapter of identity on the web.
Verifiable Credentials 2.0
Credentials such as driver鈥檚 licenses, passports, diplomas, and payment methods all play an important role in our daily lives. In a growing number of situations, people want to exchange these credentials digitally, and governments are beginning to push for interoperable technologies to support the demand. The foundation of trust in a credential ecosystem is that parties can cryptographically verify these credentials. I lead W3C鈥檚 security activities, and so am particularly focused on the secure exchange of these credentials.
In May, W3C published version 2 Recommendations of the Verifiable Credentials family of standards (see the press release). These standards enable the secure, privacy-respecting, and cryptographically verifiable expression of digital credentials.
For flexibility across a broad range of applications and governmental mandates, the new standards support a variety of encoding schemas (e.g., JSON-LD, SD-JWT). The Verifiable Credentials family also provides multiple ways to attach or embed cryptographic proofs to claims. Because the crypto landscape is quickly evolving, the standards are designed to be 鈥渃rypto-modular鈥?to accommodate emerging cryptographic approaches such as Post-Quantum Cryptography (PQC) and Zero-Knowledge Proofs (ZKP). With selective disclosure and the capability to combine multiple credentials into verified presentations, this model ensures secure, efficient, and privacy-preserving user data management.
Digital Credentials API
The unifying goal of the standards is to empower people to exchange verifiable information securely, privately, and seamlessly on the web. But how do people exchange these credentials, for example, when prompted by a site to provide a national identity? That is the role of the Digital Credentials API, conceived in the Web Incubator Community Group, and now on the standards track in the Federated Identity Working Group. That group published the First Public Working Draft on 01 July 2025.
The Digital Credentials API enables websites to request credentials, and for users to consent to return credentials that they carry around in digital wallets. Above, I said 鈥渟eamlessly鈥?and that鈥檚 where the user agent (browser typically) plays a critical role. The user experience of understanding what is being requested by a site, selecting from among relevant credentials, consenting to share the credentials, and getting new credentials from issuers (e.g., universities, the department of motor vehicles, a bank) must be excellent, and the browser is uniquely positioned to support that experience.
Because the Digital Credentials API has been incubated for some time, both Google and Apple are already shipping early implementations, so people can check out demos and conduct experiments. This experimentation will inform the evolution of the specification.
This is only the First Public Working Draft, and the Working Group still needs to address some important security and privacy issues. For example, one of the hot topics is how to balance data privacy with the ability of the user agent to create a secure credential selection experience. Although the Digital Credentials API already expects credentials to be encrypted and signed by wallets (before being handed back to the user agent as output from the Digital Credentials API), there are ongoing conversations about the role of unlinkability for data input to the API. There is more work to do on this and other topics, and I encourage people to join the Federated Identity Working Group discussions.
The ecosystem
As I mentioned, the APIs being standardized at W3C involve interactions with wallets. The current W3C expectation is that the wallet ecosystem will be enabled by a broader ecosystem of operating systems and standards from partner SDOs, including the FIDO Alliance, OpenID Foundation, IETF, and ISO. A lot of the current push for all of these parties to work together comes from the European Union鈥檚 Digital Identity Wallet (EUDI) initiative. A number of large-scale pilots are underway, and they will inform the ultimate EU regulation around the wallet ecosystem.
The Open Wallet Foundation has organized next week鈥檚 Global Digital Collaboration to bring together the broader ecosystem, including governments interested in open standards for wallets, certification programs, and a role for governments. W3C is one of the event鈥檚 co-organizers, and W3C staff will host sessions on Threat Modeling Digital Wallets, focusing on Privacy, a Holistic Security view for Digital Identities, one focused session on the Digital Credentials API, and one for W3C Verifiable Credentials.
My colleagues and I look forward to joining these conversations to represent core values of the W3C mission, such as those reflected in recent W3C Statements such as Privacy Principles for the Web and Ethical Web Principles. For example, a core principle upheld in the W3C APIs is that users maintain control over their digital identities, which need not correspond directly to their legal identities. W3C emphasizes enabling users to present multiple identities across contexts, including ephemeral or anonymous identities, when necessary. User agents (such as browsers or other user interfaces) thus play a critical role in mediating interactions between users and online services, dynamically ensuring digital privacy and security. This approach balances user protection from undesired identification while facilitating intentional recognition, in simultaneous pursuit of both privacy and usability.
I look forward to sharing my experiences from the conference in a follow-up post.
Icons by Flaticon.com
I joined the World Wide Web Consortium at the end of 2023, the year it was established as a US 501(c)(3) public-interest non-profit organization. After meeting the people (staff, W3C Members, collaborators from the community, etc.), taking stock of what the almost-thirty-year-old organization needed to be stronger, and to plan our efforts to move the world forward through the web platform, I then started expanding our connections to liaise with organizations and counterparts. We used the whole first semester of 2025 to iterate and finalize W3C鈥檚 strategic objectives and thematic initiatives spanning the next 3 to 5 years, that I鈥檓 pleased to introduce publicly today.
We will be centering our guiding star on the impact W3C has, to ensure that we navigate challenges and opportunities in a way that fulfills our mission of making the web work, for everyone, by bringing together global stakeholders to develop open standards that enable a World Wide Web which connects and empowers humanity.
W3C鈥檚 impact is through its broad mandate and all-encompassing methodology: since our founding 30 years ago, W3C has played an essential role in driving to trustworthy global solutions by creating trustworthy international standards that rigorously consider accessibility, internationalization, privacy, and security. From our continued work on web standards stems a single, open, interoperable platform that interconnects humanity. That is our impact.
The following commitments serve to illustrate by way of examples the four strategic objectives for W3C:
- Even though the web caters to over 5 billion people, the gap represented by the digital divide is increasing and we must consider what a 鈥渨eb for all鈥?truly means and how to sustain expanding our support.
Strategic objective: Diversify our support
鈫?nbsp;Ensure we have access to appropriate resources to protect our future even in the face of change. - We want our trusted gathering place to welcome more far-seeing technical experts and advocates about, and for, the web, so our standards work must consider the impact it has on the world.
Strategic objective: Enhance our impact
鈫?nbsp;Direct our standards work through a framework that enables us to qualitatively and quantitatively define, analyze, and communicate the impact W3C intends to have. - Owing to our role in educating and promoting awareness of ethical and principled behaviors on the web, we must increase relationships with policymakers and regulatory bodies to advise on technical aspects and ensure that our values are represented, and to ensure we understand their needs as they impact the work that we do.
Strategic objective: Broaden our footprint
鈫?nbsp;Expand our reach to involve communities and community representatives to ensure a truly world-wide perspective. - And finally, while the landscape of our work has changed significantly in large part because of the work of our community, we must examine how well-prepared and organized we are to face these challenges and perform the necessary structural evolution and operational optimization.
Strategic objective: Solidify our structure
鈫?nbsp;Ensure W3C is set up to be a more resilient, adaptive, and durable organization to deliver on our mission well into the future.
These long-term objectives will be supported by five strategic initiatives that the W3C Team will execute and track over 2025-2028:
- Structural evolution: Ensure that our underlying structure and processes are fit for purpose and can effectively enable our future work.
- Impact framework: Enable W3C to qualitatively and quantitatively define, analyze, and communicate the impact we have on the world.
- Stakeholder outreach strategy: Improve our overall effectiveness by reinforcing and enhancing relationships with existing stakeholders (e.g., W3C Members, implementers, web developers, etc.) as well as finding new stakeholders that can help further advance our mission.
- Technology strategy: Maintain relevance through a focus on navigating technology evolution and newly emerging web and web-adjacent technologies.
- Policy engagement: Provide expertise and insight from our community to governing bodies and policymakers to ensure future policies are better informed by our collective knowledge and values.
In summary, we should work towards diversifying our support, finding new stakeholders that can contribute, and strengthening existing work with membership to rapidly adapt to and mitigate risks posed by our rapidly changing environment, while strengthening our organization鈥檚 structure and operations. Our positive impact will help ensure we attract more people to shape and strengthen the web, and grow ourselves in the process so we can further the virtuous circle. By adopting initiatives that support strategic objectives, we can truly realize our vision of making the web work, for everyone 鈥?a web designed for the good of its users, that is safe and secure.
I invite you to read World Wide Web Consortium (W3C) 2025-2028 Strategic Objectives and Initiatives, a public document streamlined from a document that the W3C Board of Directors approved a few weeks ago, following W3C Team and Members iteration and review.
The Board of Directors has open seats that can be appointed by the Board of Directors itself for two-year terms. The Development Committee has been considering what skill areas the current Board needs to level up. We are seeking the community鈥檚 help in order to identify candidates who might fill those gaps.
Based on self-assessment of the current Board Directors, we believe the Board would significantly benefit from increased financial skills, legal acumen, and fundraising experience. We have additionally identified that connections to other standards-defining organizations would be beneficial, as well as improving our geographic balance - in particular, our current Board Directors under-represent North America in terms of geographic distribution of our members.
As a reminder, the Board maintains documents on the role of the Board as well as the expected skills and expectations for Directors.
We are looking for suggestions of potential Board Director candidates who might improve our collective skills. We would particularly encourage suggestions of people with experience on non-profit boards, especially of national or international organizations.
We want to ensure we have a broad candidate pool. If you have any, we would encourage you to send suggestions of candidates to board-appointee-suggestion@w3.org. This list reaches the W3C Board of Directors Development Committee and W3C Officers. You may self-nominate or suggest other people. Please, be as specific but also as brief as you can.
Please note this is not an election. As part of the appointments the Board will discuss, and select candidates to explore further with (if any) based on how well they would round out our collective skills to improve the Board.
]]>
Photo by Annie Spratt on Unsplash
Continuing the series that puts the emphasis on the key areas that help ensure that the Web works, for everyone, this month I am diving into Web security. It is one of the key areas that we call 鈥渉orizontals鈥?and that shape every W3C work package because they involve approaches that are common to all work groups. Our horizontals are Web accessibility, internationalization, security and privacy.
The imperative
Creating a more trustworthy web and protecting user privacy is fundamental to creating a web that works, for everyone.
Privacy, along with Security, are integral to human rights and civil liberties, and are essential to the success of the web platform. Today, so many of the features of the web and its usage involve information about people and their communications that privacy must be considered consistently across the design of the entire platform. The human factors and the sociotechnical aspects add additional complexity.
To affirmatively realize the privacy of people using the web and address privacy threats that have already arisen requires us to operate in an interdisciplinary and global space, and to develop dedicated privacy features.
How W3C approaches privacy on the web
Following the mid-2000s W3C work on Platform for Privacy Preferences (P3P), the W3C Team in 2011 identified the need to strengthen the foundations of trust on the web for communities large and small to access and share data, and made it an area of focus in 2011. The evolution then trended toward significantly more intense collection, processing, and publication of personal data.
We follow a recipe that is simple but which details are of importance:
- Review the privacy of web standards
- Advise W3C groups developing standards to mitigate privacy issues
- Develop some private technology standards
Horizontal reviews are conducted for privacy of proposals and specifications under development by other W3C Working Groups and Community Groups, and of charters for other W3C groups. Related to that is advising groups developing standards on how to avoid and mitigate privacy issues with web technologies.
The other main component is the standardization of new technical mechanisms that improve privacy on the web, including work moving from incubation when there is a basic technical design, significant implementer interest and activity.
The W3C Privacy Working Group undertakes the former and a lot of the latter. The rest of the privacy-focused features specific to technical work covered by another Working Group are typically best developed in those Working Groups, alongside related technical features.
In focus: Global Privacy Control, Private Advertising
Global Privacy Control (GPC) defines a signal, transmitted over HTTP and through the DOM, that conveys a person's request to websites and services to not sell or share their personal information with third parties. This standard is intended to work with existing and upcoming legal frameworks that render such requests enforceable.
W3C launched the Private Advertising Working Group
in late 2024, motivated by the Ethical Web Principles W3C Statement, to specify web features and APIs that support advertising while acting in the interests of users, in particular providing strong privacy assurances using predominantly technical means.
If you wish to know more about ongoing work, I suggest you take 8 minutes to watch the Privacy talk my colleague Tara Whalen, W3C Privacy Lead, gave early April 2025.
W3C Statement: Privacy Principles
The Privacy Principles were elevated in May 2025 to W3C Statement, which means that although the document is informative and not a formal standard in nature, it creates a stable reference that has received formal review and endorsement from W3C Members.
The document provides definitions for privacy that are applicable worldwide as well as a set of privacy principles that aim to guide the development of the web as a trustworthy platform.
You can read more in Tara Whalen鈥檚 blog post on the W3C Statement: New Privacy Principles for a more trustworthy web.
"Privacy" by Rob Pongsajapan, licensed under CC BY 2.0
Protecting user privacy is fundamental to creating a web that works for everyone. Last week, W3C published its Statement on Privacy Principles, in support of furthering this goal. This document defines some foundational privacy concepts and provides a set of privacy principles to guide web development. We hope this guide will enhance the community鈥檚 understanding of privacy, illustrate ways of realizing it in practice, and inspire a vision of the trustworthy web that we can create and sustain together.
Last December, W3C published its first ever Statement, on Ethical Web Principles. The Privacy Principles Statement continues this series, focusing specifically on the considerations required for creating a web that respects people鈥檚 privacy. This milestone is significant: W3C Statements are documents that have been formally reviewed and endorsed by W3C's membership as a whole. The Privacy Principles document was developed over three years and incorporated feedback and contributions from the W3C community, and is now accepted as a W3C Statement to indicate our collective stance on the fundamental importance of web privacy and how to achieve it in practice.
I first started working on privacy with W3C in 2012 (as one of the original co-chairs of the Privacy Interest Group) and I have seen first-hand how users鈥?online privacy has evolved over the years, both in terms of new opportunities as well as new challenges. During this time, a lot of helpful privacy material has been produced, such as a guide on mitigating browser fingerprinting (to reduce the risk of user tracking) and a questionnaire to assist specification authors and reviewers in improving the level of privacy and security of their designs. The Privacy Principles Statement complements this body of work by providing a more general document that includes core privacy concepts as well as overarching guidance that ensures privacy is built into the foundations of web technologies.
Privacy is a very broad topic. In order to reason about privacy on the web, and therefore provide actionable guidance, it鈥檚 first necessary to define what we mean by privacy in the context of the web. That鈥檚 why this document begins with an introduction to privacy on the web, covering topics like data governance, individual autonomy, deceptive patterns, consent, opt-out and privacy labor, as well as the role that browsers (user agents) play in safeguarding web users. This provides context for the actionable principles, each of which is marked with the audiences that it's most relevant to: websites, user agents or API (web technology) designers.
It鈥檚 also important to consider how web technologies interact with social and policy aspects in the privacy realm. The regulatory environment, for example, is constantly evolving and has significant implications for the data protection of users around the world. One of the goals of the Privacy Principles Statement is to support online privacy regulations; the document is written to address both technological and policy considerations and hopefully help achieve some alignment between different regulatory regimes. Because the discussions around online data can sometimes become complex, the document includes several short, concrete examples to illustrate privacy risks and possible mitigations 鈥?for example, handling geolocation information or managing children鈥檚 services.
It鈥檚 taken a lot of work from many members of the W3C community to get these Privacy Principles to this stage, and I want to acknowledge their hard work and dedication. This document is the result of sustained effort by the Privacy Principles Task Force (a group representing a wide range of web stakeholders, convened by the W3C Technical Architecture Group), with particular credit to its Chair Daniel Appelquist and to the document editors, Robin Berjon and Jeffrey Yasskin. Additional thanks are due to all of the people who constructively engaged in discussions about web privacy鈥搒ome of them over several years!鈥搕hat were instrumental in producing a Statement that accurately reflects our collective privacy vision for the web.
While we鈥檙e taking a moment to celebrate the publication of this document, we acknowledge that the work is far from over. We鈥檙e eager to hear feedback about the Privacy Principles, which we can use to improve and expand our future documentation. And of course we encourage you to put the principles into practice as we build a better web!
The Publishing Maintenance Working Group (PMWG) is pleased to announce the final update of the W3C Recommendation for EPUB庐 3.3.
The publishing community has thoroughly tested these Recommendations. When presented for publication, support was unanimous among responding W3C Members. It is encouraging that several reviewers indicated that they produce or plan to produce products that use this specification.
Corrections made to EPUB Recommendations
This update introduces no new features. The changes clarify the language and bring it in line with related specifications. The PMWG reports:
- We fixed the epub:type attribute not allowed on links in SVG;
- We clarified the requirements for SVG embedded by inclusion and by reference; and
- We fixed our white space definition for the fixed layout viewport meta tag. This disallowed form feed, avoiding potential rendering issues.
What鈥檚 next for EPUB3?
The PMWG鈥檚 work continues with the next major revision to the EPUB 3 family of Recommendations. This upcoming version will add new normative features to the specifications. For more information, please refer to the Publishing Maintenance Working Group Charter.
The WG will take on these tasks:
- Ensuring a good experience when reading in dark mode
- Considering adding support for HTML in the EPUB package, and
- Standardizing practices for content like footnotes & endnotes.
New Task Forces: Digital Comics, and EPUB Annotations
The Digital Comics Task Force will explore how EPUB can better support comics creators and readers. This would include webtoons, manga, graphic novels, and similar content. Digital comics are often read as a continuous scroll on mobile devices. They are not usually separated into pages like a typical ebook. The TF will develop scrolling specifications for both ebook producers and ebook reading systems. Another important feature of manga and webtoons is serialization. Digital comics need new metadata so that people can find the next installment of their favorite manga.
Currently, people can annotate EPUBs within a reading system. But the annotation remains with the platform, not the publication. There are use cases for annotations stored within an EPUB package. Researchers could access their notes from multiple devices, and potentially export the annotations. Teachers would be able to share their perspective with students. Annotations are valuable in legal documents, too. Ebook reading platforms could benefit from making it easier for people to switch accounts. An EPUB Annotations Task Force will look into adding this long-requested feature to EPUB.
Accessibility in EPUB
The Accessibility Task Force and the Fixed Layout (FXL) Accessibility Task Force will continue their work. The FXL Accessibility Task Force is developing a techniques document. It will include specific models and examples. Since the current FXL EPUBS cannot be fully accessible, the TF will incubate ways around this with new technology. Additionally, they are tasked with bridging EPUB metadata to library and other publication data systems. This will ensure that people can find an ebook that suits their reading needs.
The Accessibility Task Force topics include moving from WCAG 2.0 to 2.1 or 2.2 as the floor specification. They will also look at metadata. New metadata is needed to identify publisher contacts for accessibility issues. The TF intends to develop a way to deterministically identify content by type. With that in place, people will know if they can access an ebook鈥檚 content.
Contact the group's co-chairs if you have an interest in one of these TFs and would like to contribute to the new EPUB specifications.
EPUB 3.4 working drafts
The Working Group has published the first working drafts of the EPUB 3.4 specification below. At this moment, the initial Working Drafts are essentially identical to the 3.3 versions, but the Working Group plans to evolve these documents to a standard in about two years.
Congratulations to Matt Garrish, main editor; co-chairs Wendy Reid, Shinya Takami; co-editor and W3C staff contact Ivan Herman; and the entire Publishing Maintenance Working Group for this update.
]]>You know the feeling. You鈥檙e in a product meeting, skimming GitHub issues, or catching up on another EU regulatory proposal, and you realize there鈥檚 something missing in how we鈥檙e building for the web. Maybe it鈥檚 a technical shortfall, maybe it鈥檚 a user experience no one鈥檚 nailed yet, or maybe it鈥檚 a whole category of use case the current standards aren鈥檛 touching with a ten-foot pole.
That鈥檚 where the W3C Exploration Interest Group (IG) comes in.
We鈥檙e not a working group. We鈥檙e not here to define normative specs. We鈥檙e here to connect the dots between the real world and the standards world and to ask better questions before jumping to answers. Think of us as the early R&D lab for identity, authentication, and trust on the web.
Why this group, and why now?
If you鈥檙e building for the web, navigating its policy landscape, or just trying to make something interoperable, this group鈥檚 for you. Why? Because web identity is in flux. Cookies are on the way out. Federated login flows are being rebuilt. Browsers are experimenting with new APIs. And regulators? They're not exactly standing still either.
If we want a web that works for real users, across real use cases, we need more people at the table who can say:
鈥淗ere鈥檚 what鈥檚 happening in production, and here鈥檚 what we still don鈥檛 understand.鈥?/i>
That鈥檚 what the Exploration IG is here for: to find the gaps, to make space for disagreement, to spotlight use cases that standards groups haven鈥檛 prioritized yet, and to build the bridges that might become working group charters down the line.
What we鈥檙e exploring?
We don鈥檛 have a single-track agenda鈥攂ut here鈥檚 the kind of stuff that gets us talking:
- Technical gaps between browser implementations and web specs
- Emerging wallet models, identity credentials, and federation flows
- Use cases that span trust frameworks, sectors, or jurisdictions
- Fragmentation risks when multiple standards solve the same problem differently
- Regulatory signals that need a better technical response
Contribute your ideas!
Our GitHub repo is public, and we actively welcome ideas and discussion there; this is an open forum, and everyone is welcome to contribute their ideas. If you see something in the wild that standards groups should be thinking about, bring it to us. Whether you鈥檙e an implementer, a researcher, a policymaker, or someone with a stubborn browser bug and a vision, open an issue. We want to hear from you. And if it turns into a recurring collaboration, we鈥檇 be delighted to have you join the group.
Some of the best conversations start with 鈥淚鈥檓 not sure this fits anywhere else."
And that鈥檚 exactly the kind of conversation we want to have. So if you鈥檝e ever felt like there鈥檚 something important that doesn鈥檛 quite have a home in the standards process yet, maybe it belongs with us.
We meet every other week and organize sessions around topics raised by the community. Join us. Listen in. Bring your questions. Or just open an issue and see what happens.
]]>The WebDX Community Group started work in 2022 to make it easier for developers to track the list of features that are widely available and those that are under development.
Since then, the Community Group has been busy developing the open-source web-features project, a shared catalog of features of the web platform, and the Baseline status to give developers clear information about which of these features work across a core browser set. Baseline badges have now been integrated in Can I Use, MDN, RUM Archive Insights, RUMvision and others. Watch the Baseline web features for the win video (September 2024) for a quick dive into the web-features project.
Today, we are happy to announce that the WebDX Community Group has reached a new milestone: most keys defined in the @mdn/browser-compat-data project (BCD), which powers support tables in MDN pages and contains the most complete set of fine-grained features defined in web specifications, have been mapped to 1000+ higher-level features in the web-features project. This provides a first nearly complete catalog of web features, along with their Baseline status. The catalog is available through the web-features package in the npm registry.
This effort would not have been possible without significant contributions from, and collaboration with, organizations such as Open Web Docs, MDN, browser vendors, and many others! Many thanks to them and to organizations that provided support in the background so that group participants could do the work.
Plotting browser support data in the catalog shows the evolution of the web platform in terms of number of features and Baseline status within browsers from the first release of Safari in June 2003 (95 features) to the end of February 2025 (1006 features), and the relative split between features that are implemented somewhere (328 as of February 2025), Baseline Newly Available (150 as of February 2025), and Baseline Widely Available (528 as of February 2025). Please keep in mind that the support data only covers browsers of the core browser set (Chrome, Edge, Firefox, Safari) and that the notion of Baseline only becomes meaningful once all these browsers have shipped a first version (after July 2015 for the Baseline Newly Available status, after January 2018 for the Baseline Widely Available status).
Evolution of the web platform in terms of number of features implemented in browsers
The list of features will of course keep growing as new features get discussed, standardized and implemented across web browsers. The group also expects to refine existing mappings, to further improve tooling (including the <baseline-status> web component to display the Baseline status of a web feature), and to work with browser vendors, maintainers of libraries, documentation and services to integrate web-features where it matters for web developers.
If you want to learn more about the project and provide feedback, you are welcome to attend the breakout session about web-features that Patrick Brosset, co-chair of the WebDX Community Group, will lead during Breakouts Day 2025 on 26 March 2025 (time still to be defined).
If you want to contribute and improve the developer experience of the web platform, please join the WebDX Community Group or bring your input to the web-platform-dx/web-features GitHub repository.
The W3C Security Web Application Guidelines (SWAG) Community Group seeks to make it easier for developers to leverage security features that are often complex in their application development.
SWAG launched in June 2024 after the W3C Workshop "Secure the Web Forward". One of the workshop鈥檚 findings, and some accompanying developer research presented there, is that web developers are generally unsure about security and their role in ensuring that web apps are secure. This group鈥檚 mission, therefore, is 鈥渢o increase the overall security of web application development by writing security best practices for web developers and providing a platform for stakeholder collaboration.鈥?In the same manner as that workshop, SWAG is intended to be connected to other organizations that share a similar mission, such as the OpenSSF Best Practices Group, OpenJS Foundation, and OWASP.
One of the first results of SWAG鈥檚 efforts is a set of videos addressing the complexities of Content Security Policy and Trusted Types. These two features can be used as effective XSS mitigations but, unfortunately, are difficult to configure due to the breadth of the threats they mitigate and the fact that they are time-consuming to debug.
Six talks introduce open-source tooling developed from Google鈥檚 large-scale CSP and Trusted Types adoption work. These tools, which serve as a natural interface between developers and the specifications, provide actionable help in a tight feedback loop during the development cycle to reduce the uncertainty and complexity of configuring these best-in-class web security mitigations against XSS. The experience of Google engineers who have shipped strict CSP and Trusted Types to hundreds of web applications is distilled into tools that provide best practices and gentle guidance toward a more secure codebase.
SWAG meets every week and those talks were recorded during the meeting of 11 November 2024. The 6 videos are available via the "Security at W3C" playlist on W3C's YouTube channel.
]]>I recently had the pleasure of speaking at several events during the World Economic Forum in Davos, Switzerland. This was a great opportunity to represent W3C and the power of international standards, particularly since the theme this year was 鈥淐ollaboration for the Intelligent Age鈥?
W3C鈥檚 30 year history of global collaboration to build open, free, interoperable standards for a single world wide web is a great example of the kind of collaboration our world continues to need in rapidly changing times. As such, it was good to see how much interest there is in interoperable international standards in general and in W3C鈥檚 participation in such conversations in particular. It was great to have the opportunity to talk about the positive and at times life-changing impacts that international standards can have, and to hear others outside of the standards community express their interest, support, and even the very need for international interoperable standards.
Key points:
- Interoperability: Alain Labrique (World Health Organization) expressed how interoperable standards for health information can save lives by enabling the exchange of critical information in a crisis. Earlier in the week I shared the importance of interoperable standards around validating the provenance of critical information during disaster relief efforts.
- Trust: there was much discussion throughout these sessions of the need to increase trust in the digital infrastructure and how openness, be it open source development or an open and royalty-free standards process such as we have at W3C, serves as a foundation for trust.
- Privacy: I don鈥檛 believe you can discuss identity, security, and trust without talking about privacy. In our privacy principles, W3C emphasizes the importance of individual autonomy and the need for user agents to adhere to privacy principles in order to ensure a trustworthy web.
Ultimately, international standards can enable trustworthy solutions that support local control and security while providing a framework for global trust.
We at W3C play a critical role in making this happen. Because of our long standing focus on enabling one web for all, and our current composition representing industry leaders, big and small, from around the world, we have the potential to influence global discussions involving the web. Because the web is embedded in many different aspects of society throughout much of the world, there are many conversations outside of W3C that can impact how the web is used and even how the web is shaped. This was the first time W3C was formally represented at an event during the World Economic Forum and the opportunities that these conversations bring to us are invaluable.
It鈥檚 important for W3C to be involved in those conversations, in large part because of our knowledge and that we are a hub for major and minor implementers around the world. It鈥檚 also important that our values are represented in these discussions. The web is more than just technology - it鈥檚 technology with the fundamental purpose of interconnecting humanity. Our human-centric focus is distinct in the world of Standards Development Organizations and as such we need to be helping to shape the future of the web wherever we can.
I made important contacts and already see opportunities for W3C to further step up, because If we don鈥檛, there are plenty of other organizations, public and private, ready to fill the void to keep work needed by the world moving, but without the same dedication to our mission.
Seth Dobbs posing in front of a House of Switzerland backdrop, WEF, Davos, January 2025
The W3C Web Interoperable Runtimes Community Group ("WinterCG") and Ecma International (the organization which standardizes ECMAScript, also known as JavaScript) have collaborated to create a new Ecma Technical Committee, TC55 鈥?Web-interoperable server runtimes, dubbed "WinterTC", for the development of a common web-aligned API surface for server-side JavaScript runtimes like Node.js, Deno and Cloudflare Workers.
Developers these days are increasingly working 鈥渇ull-stack鈥? writing code for the client side (often web browsers) and the server side (often based on JavaScript). Reusing web platform APIs reduces developers鈥?cognitive load and allows some logic to be shared between client and server, or easily migrated from one to the other. This sharing is increasingly employed in technologies like server-side rendering (SSR) and server actions.
For the past two years, the W3C Web Interoperable Runtimes Community Group (鈥淲interCG鈥? has been working to strengthen the convergence of server JavaScript runtimes with the web platform by defining a common base for JavaScript in web-interoperable server environments.
WinterCG鈥檚 most prominent work item is the 鈥?a href="https://github.com/wintercg/proposal-common-minimum-api">minimum common API", which defines the subset of the web platform to be supported across all web-interoperable server environments. Further, WinterCG drives development on the web platform itself, as implemented in browsers, e.g., AsyncContext. WinterCG serves as a place to gather requirements from server environments, to be solved for and standardized in other existing standards venues, including Ecma International鈥檚 TC39, WHATWG and various W3C Working Groups, when server and browser needs to align.
After incubating the 鈥渕inimum common API鈥?in WinterCG, the WinterCG participants decided to charter an Ecma Technical Committee, TC55 鈥?Web-interoperable server runtimes, ("WinterTC"), which will host the effort to standardize this API. The cooperation between venues builds off of decades of experience collaborating between W3C and Ecma International on ECMAScript (a.k.a. JavaScript) and the web platform.
Once Ecma TC55/WinterTC is set up fully, all WinterCG work will move there and the existing community group will close. WinterTC's work with W3C is not over though: "We still have a lot of work to do", says Luca Casonato, previously co-chair of WinterCG and now co-chair of Ecma TC55/WinterTC. "W3C is very central to the web platform, and a lot of the work from WinterCG touches existing web platform APIs. This means that Ecma TC55 participants and W3C will continue to work together closely."
Luca continues: "The W3C Community Group programme enabled us to start work on unifying server side and web browser JavaScript very quickly. It is a great programme that I can recommend to anyone in a similar position to ours. We are very grateful to W3C for providing us with such an excellent home over the last couple years."
We encourage participation between W3C members and Ecma TC55 to further the development of a unified 鈥渇ull-stack鈥?platform incorporating JavaScript and web technologies, across web servers and clients.
鈥?i>We are glad to see this work proceed from a W3C Community Group,鈥?said Philippe Le H茅garet, W3C Strategy and Project Lead. 鈥?i>Congratulations to the Winter Community Group on chartering Ecma Technical Committee, TC55. We look forward to future collaborations with the W3C WebAppSec (WebCrypto API), WebApps (FileAPI), WebPerf (HR-TIME) and WebAssembly (WASM-*) Working Groups, to effectively address and meet the needs of the community.鈥?/p>
"Ecma is pleased to announce the formation of TC55 (Web-interoperable server runtimes), a collaborative effort with W3C that reflects our commitment to serving the community,鈥?said Samina Husain, Ecma International Secretary General. 鈥?i>I commend W3C WinterCG for their dedication and foundational contributions, which have laid the groundwork for this important new technical committee in Ecma.鈥?/p>
Learn more about WinterTC and Ecma's TC55 website, as well as announcements from Ecma, Igalia and Deno.
]]>As the year 2024 comes to an end, the Web Consortium presents our 30th anniversary year holiday card (click the still image for the animation) to once more express our gratitude:
鈥淲ith you, our W3C community, we have achieved a lot in the past 30 years and we look forward to many more opportunities to work together and continue to build a web that works, for everyone鈥?/p>
Our card is available in the following languages, thanks to W3C Chapters and our Team:
It has been nearly two years since W3C re-launched as a public-interest non-profit organization, and almost a year since I joined as CEO and President. As I pause to reflect, I wanted to share some of W3C鈥檚 notable highlights from 2024. As you鈥檒l see, we demonstrated a lot of the 鈥渨hat鈥?of W3C in really important ways, but the 鈥渨ho" was also a big focus as well as 鈥渇or whom鈥?
W3C 30th anniversary
On the occasion of our 30th anniversary, we released a short animation (clip with audio description) with select milestones for W3C and the Internet between 1989-2024. At W3C@30 we celebrated three decades of W3C and of advances in the web, by lining up a few speakers who shared stories about the incredible impact of W3C standards on themselves or the world, and enjoyed ourselves during an authentic evening that culminated with a gala that was nice and cozy (as much as can be for several hundreds people). Photos are available.
Expanding the W3C Team
2024 was a big year as far as increasing the capability of the W3C Team. The W3C Staff has remained consistently relatively small over the years but this year we hired 10 new persons and managed to fill a number of important roles, and to create new positions that are in line with the work we need to be doing for a web that better serves humanity.
- Ken Troshinsky (USA), hired in February as Chief Financial Officer
- Simone Onofri (Spain), hired in February as Security Lead
- Ken Franqueiro (USA), hired in May as accessibility technical specialist
- Tamsin Ewing (New Zealand), hired in July as accessibility content specialist
- Tara Whalen (Portugal), hired in July as Privacy Lead
- Emma Fraser (USA), hired in July as Board enablement specialist
- Tzviya Siegman (USA), hired in September to spearhead our work in Sustainability, and to handle Member relations in North America
- Sylvia Cadena (Australia), hired in September as Chief Development Officer
- Christine Gefaell (USA), hired in October as Director of Legal & Compliance
- Catrina Ahlbach (USA), hired in November as manager of the Office of the CEO
I am proud in particular that we welcomed so many women to the Team this year and that we expanded even more the geographic and cultural diversity of our global Team.
Today the W3C Team operates primarily remotely and includes engineers and experts who work from 11 countries and across 12 time zones (Pacific/Auckland, Australia/Brisbane, Asia/Tokyo, Asia/Shanghai, Indian/Reunion, Europe/Athens, Europe/Madrid+Paris+Lisbon, Europe/London, America/New York, America/Chicago, America/Denver, America/Vancouver).
Principles and goals for the web
2024 was a year where W3C began to surface more of our guiding principles and goals for the web, with emphasis on the human impact of our work.
- Just last week we published as our first ever W3C Statement the Ethical Web Principles which are as much a guide in ethical thinking for our work in the W3C community as they are across the web industry.
- The document Vision for W3C articulates W3C鈥檚 mission, what it does and why that matters, and the values and principles by which it operates and makes decisions.
- W3C Team Member Dominique Haza毛l-Massieux published a white paper on managing the impact of AI & Machine Learning on the Web (blog)
- W3C Team Member Simone Onofri wrote a white paper on the societal, ethical, and technical impacts of digital identities (blog)
- W3C Members chartered the Sustainable Web Interest Group with a goal to improve digital sustainability so that the Web works better for all people and the planet.
Philanthropic external funding
Further underscoring the importance of our impact on humanity, W3C was the recipient of a major grant from the Ford Foundation 鈥渁s an investment in a more inclusive future.鈥?This funding will go towards development of web accessibility standards, guidelines, and implementation resources to support access for people with disabilities.
Not only will this strengthen the foundations for our work in accessibility to continue and thrive in the long term, but it is also a boost to our development efforts as this is the first grant that we received since becoming a US public-interest non-profit organization.
Vitality of the Consortium
Finally, I want to share the following 2024 key figures:
- 493 specifications are being actively developed, of which 284 are on the W3C Recommendation track (dashboard)
- W3C has 46 open working groups and 11 open interest groups
- To date, 1,955 Technical Reports have been published since 1 January 2024. Of those, 29 reached the status of W3C Recommendation, or, in other words became web standards. The first number is so big because about 1,800 of them were published as 鈥渄raft鈥?/li>
All in all, we鈥檝e accomplished a lot together in 2024. At the same time we have laid the groundwork to face some of the challenges in front of us as we move into the new year and to create an even bigger impact on the world.
W3C is seeking input from the wider community for appointment to the W3C Technical Architecture Group (TAG), having just released the election results. Please, do share this post within your organization or with friends and colleagues who might be interested.
Call to action
Following the W3C Process Document's rules for the TAG appointees, the W3C Team must complement the TAG election with actively seeking candidates for appointment to the TAG in order to support a diverse and well-balanced TAG, including diversity of technical background, knowledge, and skill sets.
This time, the W3C Team must appoint one individual. The term follows this election cycle and starts at appointment until 31 January 2027.
We have opened a mail address for an internal list that you can use to make suggestions for us to consider.
Please write by January 5, 2025 to our internal mailing list at nomination@w3.org to make suggestions, and tell us why. You may self-nominate or suggest other people. Please, be as specific but also as brief as you can.
Please, note two important aspects:
- The Process limits participation in the TAG to no more than one individual with a primary affiliation to a given organization. Affiliations of the individuals on the TAG are: Apple, Samsung, Alibaba, Google, Huawei and Mozilla.
- Appointees secure their own funding for TAG work, including travel.
Timeline
During the window spanning 17 December 2024 - 1 February 2025, suggestions are made to 鈥揳nd assessed by鈥?the W3C Team (including seeking willingness and financial ability to serve from individuals), and the W3C Team's choice is then subject to ratification by secret ballots by both the W3C Advisory Board and the TAG itself.
Roles of the W3C TAG
The TAG was created in 2001 as a special W3C working group, chartered to steward the Web architecture. To do so, it fulfills 3 missions:
- to document and build consensus around principles of web architecture and to interpret and clarify these principles when necessary;
- to resolve issues involving general web architecture brought to the TAG;
- to help coordinate cross-technology architecture developments inside and outside W3C.
The TAG is part of the Horizontal Review Process and reviews a large number of specifications done at W3C and outside, even during their early stage.
The TAG and the W3C Advisory Board are also part of the W3C Council to help resolve objections on specifications.
To be successful in these roles, the TAG needs to be well-balanced in its composition and individuals's complementary skills are highly valued. Effective work on the TAG is done because people demonstrate particular skills and interests in the following areas: understanding of web architecture, design review, diplomacy, chairing skills, cultural/social diversity, technical writing and copy editing, deep/broad technical knowledge.
Participating as a TAG member
Individuals elected or appointed to TAG act in their personal capacity, to serve the needs of the W3C membership as a whole, and the Web community. Whether they are Member representatives or Invited Experts, their activities in those roles are separate and distinct from their activities on the TAG. The TAG participants use their best judgment to find the best solutions for the Web, not just for any particular network, technology, vendor, or user. The participation commitment for the TAG includes:
- one teleconference per week,
- three to four in-person meetings per year,
- participation in TAG mailing list discussions,
- participation at the two Advisory Committee meetings each year (encouraged, but not required).
The web has transformed our lives, connecting people, ideas, and communities across the globe. But the web can also cause harm. The way we design web features and technologies can either mitigate or enable that harm. Technology is not ethically or morally neutral. Our technical design choices are ethical choices, whether we like it or not. That鈥檚 why the W3C鈥檚 Ethical Web Principles are so important. I've been working on these principles since 2019 when I was inspired to start thinking about how we could apply an ethical framework to the way we develop web specifications. W3C published them last week as their first W3C Statement.
But principles alone aren鈥檛 enough. How do we make sure these ideals translate into real-world impact? At W3C, this happens through rigorous review processes鈥攕pecifically wide review and design review.
From words to action: How review processes enforce ethics
Simply putting out a document with ethical principles can鈥檛 be the end of it. That is a route to 鈥渆thics washing鈥? Ethics washing refers to the practice of presenting ethical principles, commitments, or guidelines without implementing or enforcing them effectively, often to enhance public image or avoid criticism without making substantive changes. This concept is discussed critically in literature such as Elettra Bietti's paper, "From Ethics Washing to Ethics Bashing: A View on Tech Ethics from Within Moral Philosophy," published in the Proceedings of the ACM Conference on Fairness, Accountability, and Transparency (FAT* 2020). Elettra quite rightly calls out ethics washing (鈥渟hallow appearances of ethical behavior鈥? as a bad practice.
So how can we ensure that with the publication of the W3C Ethical Web Principles we are not falling into that trap? How can we embed these principles into the processes that shape the Web鈥檚 architecture?
Firstly, we need to recognize that the Ethical Web Principles were not created from nowhere. Hadley Beeman pointed out in her 2019 post on their first publication, these principles are reflecting how we already work. They are a reflection of the culture of the W3C community. The process of documenting them in simple, accessible language is a way to restate our assumptions, to recommit to the principles we already hold dear, and do so in one easily referenceable place.
Secondly, we need to infuse these principles into wide review. In W3C, we have both a culture and a process for wide review 鈥?the practice of ensuring work is reviewed across different web community stakeholders. W3C is a consensus-based organization, and you can鈥檛 achieve consensus without sharing your work with others, getting their feedback, and allowing that feedback to shape your work.
Within wide review, the Technical Architecture Group (TAG) performs design review, where groups come to us for architectural and design guidance. Along with providing technical design guidance, the TAG measures proposals against our core values like privacy, security, and accessibility鈥攁ll of which are grounded in the Ethical Web Principles. If something doesn't look right, the TAG can鈥攁nd often does鈥攕end it back to be reworked.
Connecting principles to practice: Privacy and web platform design principles
The Ethical Web Principles also inspire other guidance documents that provide more actionable advice, like the Web Platform Design Principles and Privacy Principles. These documents translate the higher level principles into concrete advice for specification authors. Our first design principle, the priority of constituencies, states 鈥減ut user needs first.鈥?That guidance refers back to the Ethical Web Principles on not causing harm to society and enhancing individuals鈥?control and power.
This kind of practical guidance bridges the gap between ethics and execution, ensuring that our standards serve real-world needs without compromising core values.
Centering human rights
Ethics in web standards isn鈥檛 just about avoiding harm. It鈥檚 about actively building a web that works for everyone, grounded in respect for human rights. The W3C鈥檚 processes鈥攚ide review, design review, and actionable guidance鈥攅nsure the web remains a force for good. In a world where technology often undermines rights, the web can and must do better.
A call to action for web developers and advocates
The Ethical Web Principles are as much a guide in ethical thinking for our work in the W3C community as they are across the web industry. This isn鈥檛 a one-and-done effort. And we can鈥檛 do this alone. We need your help. If the Ethical Web Principles resonates with you, let it (and other relevant documents such as our privacy principles) guide how you design web products and services. And while you鈥檙e at it, please get involved in web standards. Join a group. Comment on an issue. Add your voice. And call us out when it seems we鈥檙e not living up to our goals.
Photo by Denise Jans on Unsplash
The web is a fundamental part of our lives, shaping how we work, connect, and learn. We understand that with this profound impact comes the responsibility to ensure that the web serves as a platform that benefits people and delivers positive social outcomes. As we continue to advance the web platform, we must therefore consider the consequences of our work.
In response to this need, the W3C Technical Architecture Group (TAG) has published the Ethical Web Principles as a W3C Statement. This is the first W3C Statement being published since the W3C Process Document introduced them in November 2021. W3C Statements provide a stable reference for documents not intended to be formal standards, but have been formally reviewed and are endorsed by W3C.
The Ethical Web Principles are as much a guide in ethical thinking across the web industry as they are a guide for the work of the W3C community by providing a concise set of principles to assist spec developers, authors, and reviewers in their work. In particular, the purpose of this document is to inform the wide review of new charters, new specifications, candidate additions to published recommendations, and the development of actionable technical guidelines such as the Web Platform Design Principles and Privacy Principles. Furthermore, the document outlines how we, as an organization, define the power and purpose of the web, from an ethical standpoint.
These principles are not merely theoretical; they constitute a call to action. They encourage everyone involved in the web's evolution to assess their contributions' societal and environmental impacts. We can create a web that truly benefits everyone by adhering to these principles:
- There is one web
- The web does not cause harm to society
- The web supports healthy community and debate
- The web is for all people
- The web is secure and respects people's privacy
- The web enables freedom of expression
- The web makes it possible to verify information
- The web enhances individuals' control and power
- The web is an environmentally sustainable platform
- The web is transparent
- The web is multi-browser, multi-OS, and multi-device
- The web can be consumed in any way that people choose
W3C has a long history that embeds its core values and principles in the web鈥檚 architecture. As members of the web community, we each play a part in shaping its future. The Ethical Web Principles remind us that the web extends beyond technology鈥攊t鈥檚 a reflection of the values we hold as a global society. Let us adopt this guide to enhance a web that connects and empowers us all.
Photo by Denise Jans on Unsplash
W3C 30th anniversary cake. Photo by Atsushi Shimono, W3C
I returned from my first W3C TPAC week energized and thoroughly impressed by the drive and the strong sense of community.
TPAC is our annual, now-hybrid meeting, where most W3C work groups meet amongst themselves or jointly, to coordinate solutions and resolve challenging technical and social issues that the Web faces. TPAC 2024 was the 24th edition of that popular and well-attended yearly event. 845 attended in total, with 549 at the in-person hub in Anaheim, California (USA) and 296 remotely. We used 15 to 17 separate meeting rooms each day at once and held a total of 191 meetings that week. 87 of them were part of the Breakouts day on Wednesday, dedicated to sessions organized by TPAC participants themselves.
I wish to come back to the incredible spirit of community that I felt throughout the week but one moment stood out. Our event was disrupted on day 2 by a two-hour power outage that affected the entire block. Rather than being upset, one of several paths were followed - some people in our group helped ensure others were safe and accounted for (in particular those in wheelchairs), some found spaces to continue working, some took it as a salutary break. One of our attendees who had arrived that day saw the room he was in get dark just as he plugged his computer and thought he had caused it. Others joked that the power cut was a radical way to pause the jack-hammering that was taking place as part of the hotel renovation - another unfortunate source of disruption in some meeting rooms.
I had a lot of conversations with members via zoom and in person, in the hallways, during breaks and meals. While some concerns about our future and the future of the web were voiced, there is a clear expression of optimism across our community, and genuine commitment to making the web work for everyone.
Another highlight of the week was the celebration of the 30th anniversary of W3C (the actual anniversary falls on the first day of October). We carved out time at the end of Wednesday for inspirational talks and a gala. It was a great celebration. After kick-starting the Talks with a short anniversary video spanning 1989-2024 with milestones for W3C and the Internet, I spoke about the challenges we鈥檝e overcome to bring the web to where it is today and the challenges in front of us. We鈥檝e changed the world and will continue to.
I really enjoyed the other speakers covering the past, present, and future. We focused on celebrating our community, and on our impact on humanity.
The gala dinner gave members an opportunity to make a toast, or share their gratitude to the community. Food and company was excellent and the atmosphere was friendly and relaxed. The cake arrived. It was splendid and delicious, it turned out. I asked to be joined for the cutting by Tatsuya Igarashi, the representative from Sony (one of the few organizations to be a Member since W3C鈥檚 founding in 1994), and by David Singer of Apple, the outgoing Chair of the W3C Board of Directors whose last W3C event it was now that he is retiring. And like any good party, most stayed late and the hotel staff had to kick us out of the veranda lest we kept the hotel guests from sleeping.
Tatsuya Igarashi (Sony), David W. Singer (Apple), Seth Dobbs (W3C) cutting the cake. Photo by Atsushi Shimono, W3C
The week also saw us have our first W3C Team Day in over a decade. We used the opportunity that so many of our staff were present for TPAC to spend an extra day with each other. And we were able to include during most of our activities and via video conferencing all the Team members who had not been able to attend in person. For many of us, not just new folks like myself, this was the first time that people were meeting each other in person. It was a great opportunity to connect / reconnect and build the bonds needed to do the challenging but captivating work that we鈥檙e involved in.
All in all I returned home exhausted but energized and confident in our consortium鈥檚 collective ability to face whatever comes next.
At TPAC 2024, this year's edition of W3C鈥檚 big annual meeting, attendees proposed a record number of breakouts (87) compared to 69 in 2023. We identified some prominent themes among the sessions:
- AI
- Identity
- Wallets
- Web Apps
- Web Components
- Feature lifecycle
- Permissions
- Real-time Web
There were many other sessions on both technical topics and ideas for improving incubation and standardization at W3C. We invite you to check out the agendas, minutes, and slide decks available from the breakouts page.
As is the custom, we survey TPAC attendees and have already heard both enthusiasm for this year's breakouts and ideas to improve them. Here's a sample of support:
- "At first I was overwhelmed by the many breakout sessions, but it didn't take me long to determine which I wanted to attend. These were excellent, and a great way to get people to mix together and discuss a broad range of things. I particularly loved the Web on the Moon session in the afternoon."
- "The breakouts are the best part of TPAC and I wish there was more space for them."
- "Very dense, very useful, many conflicts to manage because of many interesting sessions."
- "Breakouts were great, and there was only one instance where two sessions I wanted to attend conflicted."
It is easy to detect in these encouraging comments (hand-selected for this post, yes, but also representative) a recurring theme: the number of sessions in parallel created conflicts. We wrestled with that issue in the planning phases. We anticipated over 500 attendees (which came true) and chose to allocate enough breakout rooms to accommodate them. We ended up with 15 sessions in parallel during each time slot, which created ample choice for some and conflicts for others.
We have some ideas for improving the situation. For example, we want to enable all TPAC attendees to participate in breakouts, but we recognize that, in practice, not all of them do. We think we can improve our strategy so that we schedule fewer sessions during a given time slot without overcrowding rooms or turning people away.
Several people have suggested that we add more breakout sessions to other days of the week, which would help, but involves other tradeoffs because traditionally groups want enough time for their meetings on other days.
After TPAC 2023, we also heard feedback about attendee conflicts, so we organized our first fully remote, non-TPAC Breakouts Day in March 2024 to handle some of the overflow; see the related blog post. We anticipate organizing a similar event in early 2025.
Beyond scheduling considerations, we have also received (and continue to receive) suggestions for other enhancements, including making time for follow-up discussions for some of the breakouts later in the week, making it easier to organize one's breakouts day experience, and providing more guidance to session chairs. We look forward to hearing other suggestions (via GitHub issues) to improve breakouts for attendees and encourage topics that are most relevant to the community.
]]>Today is the 55th World Standards Day. The first one was declared in 1970. It is still relevant today and worthy to honor the efforts of the many individuals and organizations who develop voluntary standards. Standards are blueprints for systems and technology to operate as seamlessly as possible.
Standards are instrumental globally both at the social and economic levels. Standardization is the development by consensus of technologies, techniques, systems and processes which aim to maximize compatibility, interoperability, safety, repeatability, or quality.
W3C is a standards development organization (SDO) which launched in 1994 -- 30 years ago. We celebrated W3C's 30th anniversary a week in advance this year, taking advantage of our community gathering for our yearly conference, TPAC 2024, where our work groups coordinate solutions and resolve challenging technical and social issues that the Web faces.
In 30 years W3C published 14254 technical reports for 518 web standards. The rest is standards-to-be all at different milestones of maturity, notes which are informational documents, registries or superseded documents because all technologies evolve and improve.
In 1946 when 25 countries decided to form the International Organization for Standardization (ISO) my parents were toddlers. In 1970 when the first World Standards Day was celebrated I wasn't yet born. In 1994 when W3C was launched by Web inventor Tim Berners-Lee I was a student. I joined W3C in 1999 and its mission and values shaped the person I became.
My point is that standardization is in-depth work that is done in the very long run. Standards are everywhere, ubiquitous, almost like utilities. They are so low-level that for the most part people are made aware of them only when they are controversial, fragmented or do not work. Part of my job in the W3C Communications Team is to ensure that key parties are aware of the Web standards work of the Web Consortium so that they can participate.
A few weeks ago, I was asked to talk about (my) history of the web and my relationship with the World Wide Web Consortium. Brian Kardell on behalf of W3C Member Igalia hosted and filmed the interview which aired late last week. I was delighted by the favorable timing which would see this "Igalia Chat" released the same month W3C celebrates its 30th anniversary.
I hesitated to accept the invitation because I didn't think I had a lot to contribute, given that I joined W3C only thanks to my good fortune, and given that unlike so many in the Web and Internet community I took a non-traditional discovery path. But Brian being an excellent host, he coaxed out of me a lot more than I was aware I knew. So many memories resurfaced! For example did you know the 1998 soccer World Cup was streamed live, in ASCII, over Telnet? I watched it!
Parts of the interview are a bit personal, but I shared with Brian some of my favorite thoughts and hopes for W3C.
My history of the Web starts at the discovery of a URL in 1995 on the back of a Sony Music CD, at making friends over IRC in 1996, then learning LaTeX in 1998 before learning HTML in the early 2000s while at W3C to work on and for the Web.
My relationship with W3C started in late 1998 at a job interview that I had not prepared for because I had little hope to be hired, but which turned out to be massively interesting. I got the job in January 1999 and today, 25 years after, I've held many roles within the organization and today still I continue to advocate internally about the things I care about for the Web and what as a public-interest organization the Web Consortium must do to better connect humanity.
Of my early "W3C years", we talked about Napster, Netscape Composer, Blogger, My.Opera, Blosxom, MovableType, WordPress, CSS, W3C's annual conference TPAC which I helped organize for many years, Social media and Mastodon, Identi.ca, a few pivotal moments for W3C, including the creation of Community Groups to significantly expand how web features could be incubated and put on the "fast track" for standardization. We took a trip back to 1994 to explain why W3C was set up the way it was, and then Brian and I could reminisce on why we had met in the first place 10 years ago: attempting to create a Membership tier with a reasonable fee allowing individuals to become W3C Members without paying the same fee as a small organization. Fast forward to 2023, W3C incorporated as a 501(c)(3) in the US, becoming officially the public-interest non-profit organization that it's always been. This is where I'm treading a bit of uncharted waters: after being a vocal proponent internally of doing more for Web sustainability and human rights, it would seem like there are opportunities for W3C's meaningful work to be complemented which may be coming to fruition in the near term.
If you watch/listen I hope you learn something!
Igalia's Brian Kardell chats with the Head of W3C Marketing & Communications, Coralie Mercier about the her history and relationship with the Web and the W3C.
Read transcript for History of Web BlinkOn 19: Coralie MercierAs W3C celebrates 30 years, we also celebrate the success of the Accessibility Education and Outreach Working Group (EOWG), share news of its closure, and look forward to a new chapter in W3C accessibility work.
EOWG impact
When W3C launched the Web Accessibility Initiative (WAI) way back in 1997, the web community had little awareness of accessibility. In 1998, W3C chartered the Education and Outreach Working Group (EOWG) with a mission to develop strategies and materials to increase awareness of the need for web accessibility, and educate the community on web accessibility solutions. EOWG's mission evolved over the years to develop strategies and resources to promote awareness, understanding, implementation, and conformance testing for W3C accessibility standards; and to support the accessibility work of other W3C Groups.
It's now 25 years later and accessibility is an integral part of the web. EOWG was part of that evolution.
EOWG crafted a body of resources that fill a vital role in understanding the need for accessibility, in the adoption of W3C's accessibility standards around the world, and in accessibility implementation throughout a wide range of environments. To highlight a few:
- How people with disabilities use the web
- Tips for getting started designing, writing, and developing for accessibility
- Tutorials covering page structure, menus, images, tables, carousels, and forms
- Making audio and video media accessible
- Planning and managing web accessibility
- Easy checks 鈥?a first review of web accessibility
- those listed in Accessibility fundamentals overview and Resources for roles including for managers, testers, policy makers, and educators
EOWG has also:
- Supported the accessibility work of other W3C Groups, for example, significantly contributing to the approach and content design of the Website Accessibility Conformance Evaluation Methodology (WCAG-EM)
- Developed tools such as the How to Meet WCAG (Quick Reference), WCAG-EM Report Tool: Website Accessibility Evaluation Report Generator, and Accessibility Statement Generator
- Supported W3C-wide accessibility, for example, developing Making Events Accessible: Checklist for meetings, conferences, training, and presentations that are remote/virtual, in-person, or hybrid
EOWG resources have been viewed millions of times and are used in a wide range of contexts, including governments, universities, and industry. EOWG resources have been translated into multiple languages.
Structure for W3C's accessibility education and outreach work
Web accessibility has evolved and W3C's options for group work have evolved. While most W3C Members strongly support W3C's continued work on accessibility education and outreach, there is insufficient Membership support for the work in a Working Group.
After much deliberation, we made the difficult decision not to propose re-chartering the Working Group in 2024 and we will be closing EOWG. Several former EOWG participants are already contributing through other WAI Working Groups and Task Forces.
Be assured that W3C's accessibility education and outreach work will continue!
- Existing and new WAI staff, including a full-time accessibility content specialist, will update and develop accessibility resources and expand outreach. This staff work is funded by a grant and non-Member funds.
- We will encourage collaboration and vetting through the new Advancing Accessibility Resources Community Group. The W3C Community Group model has several advantages, including that participation is open to anyone. You can join!
- We will seek input through GitHub, through user studies, and through the existing WAI Interest Group (IG) mailing lists. You can subscribe to the Announcements list to learn about drafts for review.
Thank you EO
As an Invited Expert, Chair, W3C Team Contact, and Editor for EOWG over nearly 23 years, I (Shawn) am proud of all that the Group accomplished. Please join me in heartfelt thanks to:
- Co-Chairs: Sharron Rush, Brent Bakken, Kris Anne Kinney, Brian Elton; and the first Chair: Judy Brewer
- Editors: Shadi Abou-Zahra, Eric Eggert, Kevin White, Daniel Montalvo, Andrew Arch, Hidde de Vries, Sharron Rush, and others listed in the footer of each resource
- EOWG participants who contributed their valuable time, knowledge, and perspectives
EOWG has been a positive, supportive group with plenty of laughs along the way. Among the many resources the group developed collaboratively are videos that illustrate:
- Accessibility: Essential for some, useful for all
- Accessibility: It's about people
- The importance of involving users in web projects
EO next
W3C's accessibility education and outreach work continues. We look forward to this next chapter in the evolution to support W3C's mission that humanity can experience all that the web has to offer. We will continue working to make the web and related technologies accessible so that people with disabilities around the globe can participate equally in the digital world.
We invite you to learn more about all of W3C's accessibility work and how you can contribute:
Onward!
]]>
Continuing the series that puts the emphasis on the key areas that help ensure that the Web works, for everyone, this month I am diving into Web security. It is one of the key areas that we call 鈥渉orizontals鈥?and that shape every W3C work package because they involve approaches that are common to all work groups. Our horizontals are Web accessibility, internationalization, security and privacy.
The imperative
A technology isn鈥檛 truly beneficial to humanity if it isn鈥檛 safe, and security standards are an essential aspect of ensuring the Web is safe.
Security, along with Privacy, are integral to human rights and civil liberties and have long been important in the World Wide Web Consortium's agenda. W3C has a long history of improving Web security and our work has been instrumental through the development of authentication technologies that can replace weak passwords and help mitigate threats from phishing and similar attacks.
Security is essential to our digital lives as appropriate measures can create trust between people, organizations, businesses, and governments, and while advances on the web make it easier for people to interconnect, this results in a wider attack surface for servers. In other words, the more ways you allow people to interact with your site and products, the more ways bad actors have of attacking.
As users we want to engage with what we trust. We want to ensure our information, our money, and other resources aren鈥檛 stolen. We want to make sure we are interacting with who we really think we鈥檙e interacting with. As a provider of information, service, or product on the web we want to ensure that we reduce risks and costs, and that we increase trust and strengthen our reputation.
How W3C approaches Security
We follow a recipe that is simple but which details are of importance:
- Develop security technology standards
- Review the security of web standards
- Guide Web Developers to design and develop in a secure manner
At the heart of developing the right security standards is threat modeling, which enables the creation of living documents that identify cross-areas threats and mitigations and provide information on residual risks, and in turn frame and guide technical specifications.
We are in the process of elevating the conduct of reviews from a pool of volunteers to a chartered group, called the Security Interest Group (SING) whose charter the W3C Members are currently assessing as part of approving the group. With a mission to improve Security on the Web by advising groups developing standards on how to avoid and mitigate security issues with their technologies, the Security Interest Group would also suggest changes to existing standards and technologies to improve the security of existing systems.
Last February, we welcomed to the W3C Team our new Security Lead, Simone Onofri. Among the many projects he set into place, he helped launch a cross-organization group, called the Security Web Application Guidelines (SWAG) Community Group, to guide Web developers and ensure a holistic approach to security through the edition of web creators security best practices and providing a platform for stakeholder collaboration (e.g., OpenSSF, OWASP, Open Web Docs, etc.)
In focus: Digital Identities
In recent years we've seen the emergence of the paradigm of decentralized identity and credentials, where users have a digital wallet and control over their identity. All sectors, from social networks and education to enterprises and governments worldwide are considering becoming providers and consumers, with the intention to have digital credentials that are more secure and privacy-preserving than physical ones.
Given the societal, ethical, and technical impacts, Simone and the W3C Team wrote a paper on Digital Identities on the Web. "Identity & the Web" analyzes through different use cases the systemic impact on both the market side and the human side, as well as the role that Web standardization may play in managing that impact. We published the report this month and are looking forward to charting a credible and safe path to strengthen the position of the Web during this rapid evolution phase of the information ecosystem.
Key players
I want to conclude by emphasizing that as a horizontal area, Web Security matters to most and that most can be key players. Whether you are an independent developer or work for an organization that develops products or services, or are a user, your participation in Web Security can make a difference and will be meaningful: contributing to a Web that works for all humanity.