Security standard open kitchen

Standards are an interesting kitchen, where the technology is discussed, cooked, sampled and finally implemented. It could work in closed loop, between vendors. But our world is turning into a user centric manufacturing house. And standards are no exception. This is why, at the same time specifications are developed at W3C, it's useful to go in front of web developers and ask ‘hey look at what we are doing, is it to your taste?’

Standing in front of a crowd of Web developers is a great way to test a dish from the Standards kitchen. I will be doing that in October, at a conference I really like, where the audience asks questions and challenges the speakers, at the end of sessions or in corridors or casually around beers. This conference is Paris Web, a two-day francophone conference --followed by a day of practical workshops-- that attracts over 1,300 participants around the DNA (major ingredients?) of the Web, with topics such as open standards, Web design, accessibility, UX, quality, etc. I'm particularly happy that for its 10th edition, Paris Web gives a strong focus on privacy and security.

In my talk "Quoi de neuf sous le ciel de la sécurité du web et des internets ?" (“What's up in the heavens of security for the Web and Internet?”) I will promote the recent work in Web Application Security, Web Cryptography, Privacy, together with security and privacy related activities of the Technical Architecture Group.

I’ll do my best to expose the recent security and privacy achievements, ongoing plans, and developing success of W3C which I recently described in my blog.

• I am planning to convince the audience that security matters and tell how W3C progresses on that quest.
• How users could win a decent treatment of their application permission, but also better understand the danger and countermeasure of browser fingerprinting.
• How web developers could implement security policy based on crypto operations, and create mixed content with less security risk, thanks to the Web Crypto API, CORS and CSP.
• How important it is to improve user and service provider’s interest by promoting usage of HTTPS.
• How the next features of the open web platform could be made available in secured context.

I believe that demonstrating that W3C is the right place to think and design the trusted Web is also a good means to increase the value of the work which takes place there, contributed by all W3C members.

I want also to win something else by promoting W3C activities: collect good insight from the French and European community during the conference, and possibly get some of these smart people on-board so that they can contribute to the Working Group. I'm looking forward to answering questions after my talk, listening to the audience challenge our work, and sharing a beer with those passionate men and women, as we'll toast to Paris Web for it's 10th anniversary!