Wednesday, 18 May 2011

Web Standards for Higher Securities

Big part of the world is now dependent with web technology. From time to time, billions of people are interacting online; people of various races and using different platforms. and as the internet continuously grows, the authenticity of information and identity are both at stake. With this, the need for higher security in the web is vital.


Everyday, confidential information are being compromised without any leads of who stole or hacked the data. Also, when a person realized that his online information are compromised like passwords or emails, his first option is to just modify passwords or change his online accounts rather than knowing the person behind information thefts. Hence, this way will only keep us safe for the mean time but unless the root cause is resolved, our information is still in great danger. Chances are, one of these days, we will again change passwords or online accounts. In this case, tracking the real person behind every web transaction is essential.


In connection, W3C recently announced their soon workshop for “Identity in the Browser” studies. As per announcement, they stated that “For critical enterprise activity, effective government engagement, and sensitive social information accessed over the Web, a higher level of identity assurance, privacy protection, and security is required, and client-side technologies like browsers have an important role to play.(http://www.w3.org/)


The goals of the workshop are to increase security, usability and trustworthy on the web; and these goals can be achieved by doing further investigations on possible developments to improve identity authentication and authorization.


Below are the W3C suggested scope and topics for the workshop studies:


(Reference: http://www.w3.org/)



  • mutually beneficial relationships between server-side and client-side identity approaches;

  • novel and existing approaches toward digital identity on the Web that could be integrated across browsers;

  • interactions between identity in the browser and the use of identity across multiple devices;

  • the relationship between the Web and enterprise identity;

  • How websites communicate their account management interfaces and their requirements for authentication;

  • user experience and interface issues for identity and security in the browser;

  • APIs for identity management and security tokens;

  • statements of interest and implementation experience from browser vendors, Web application developers, and plug-in developer;

  • analysis of current digital identity solutions in terms of security and privacy;

  • anonymity, reputation, and zero-knowledge proofs;

  • assuring trustworthy results, including obligations and responsibilities of both users and browsers;

  • use-cases and requirements from enterprise, online banking, government, health, business, regulatory bodies, and activist groups;

  • social, policy, and legal regulatory issues relating to identity, security, and privacy as they potentially impact any of the above;

  • proposals for co-ordination between standards bodies long active in the digital identity space and the W3C.


Despite that many of us are not aware of potential losses that we may get online; this step of improving security and trailing the true person behind suspicious actions will greatly increase our trustworthy on the web.


Image from: SXC

No comments:

Post a Comment