Web Standards

version of this report

You must have Adobe Acrobat reader to view, save, or print PDF files.
The reader is available for free

Web Standards

by Geoff Keston

Docid: 00021037

Publication Date: 1912

Report Type: STANDARD


Standards for the Web affect everyone from backbone providers
to home users, and they play a part in everything from long-term
strategy-setting to the routine management of an enterprise network.
Researching every standard in-depth and following all developments
would overburden anyone but a handful of specialists, so organizations
must determine what they need to know based on factors such as their
industry and the particular types of equipment they use.

Report Contents:

Executive Summary

[return to top
of this

The standards that govern Internet and Web technologies emerge
from a handful of industry groups, most notably the Internet
Corporation for Assigned Names and Numbers, the Internet Engineering
Task Force, and the World Wide Web Consortium. 

Faulkner Reports
Checklist for IPv6 Readiness
HTML5 Basics Tutorial
The New
Top-Level Domain Names: Impact and Implications Tutorial
The Internet of Things Market Trends

Although most work done by these groups is directly relevant
only to specialists in a particular field, even administrators of small
enterprise networks must stay on top of key standards developments. For
instance, ICANN has developed what are known as gTLDs, a relatively new
type of domain name that expands upon familiar offerings like .com and
.gov. Also, organizations must monitor the usage rates of existing
standards, such as IPv6, which are approved but whose industry impact
depends on when they will be put into wider use.

Monitoring developments in the field of Internet standards is
important for any type of organization, but an organization’s size and
industry determine the perspective from which it will view the topic.
The following list outlines the strategies that different types of
organizations should follow toward standards:

  • Internet device manufacturers would be prudent to follow
    standards closely from their initial proposal date.
  • Telecommunications providers must follow proposed
    standards from the
    start, but they do not need to pay close attention until the proposal
    begins moving forward.
  • Enterprise IT departments can monitor overall developments
    periodically and carefully research only those standards that are near
    ratification and that will directly impact the organization.
  • E-commerce providers can approach research much like an
    enterprise IT
    department, but they should pay close attention well before a standard
    is ratified.
  • Application developers should evaluate a proposed standard
    early on in
    the ratification process, and, if the standard could have a major
    on their software products, examine it closely.


[return to top
of this

Standards bodies bring together industry experts and
coordinate the process of developing and gaining acceptance for new
protocols. They also conduct activities to gauge or generate interest
in a potential standard. For instance, apart from its formal standards
development process, the World Wide Web Consortium (W3C) often
organizes open discussions and other events aimed at determining the
interest in, and need for, a standard in a new area. If the outcome is
positive, the W3C will then launch official steps toward developing
that standard.

Some standards are developed through more than one
organization. This was the case with HTML, for example. The Internet
Engineering Task Force (IETF) created some versions of the HTML
specification, while the W3C, through which HTML was first created,
picked up work again at version 3.2.

Table 1 describes the basic missions of the leading Internet
and Web standards bodies and identifies the major standards areas they

Table 1. Leading Web and Internet Standards Bodies
Organization Fields Covered Major
Standards/Services Created
ECMA TC39 ECMA TC39, based
in Geneva, Switzerland, has operated since 1961. Major corporations
such as
BT, IBM, Intel, Hitachi, HP are members, and the organization’s
leadership has come from such firms.
ECMAScript, which is a standardized version of
JavaScript; Office Open XML file formats; authentication and cryptography standards
Organization for Standardization (ISO)

The International Organization for Standardization is a
leading standards organization, but its role in the development and
adoption of Web standards has been minimal.

Provides less
conspicuous Web-related standards, such as ISO/IEC TR 18016:2003:
Information technology – Message Handling Systems
(MHS): Interworking with Internet e-mail and ISO/IEC 29363:2008 WS-I
Simple SOAP Binding.

It also provides formalized guidance on practices such
as software engineering for Web sites (ISO/IEC 23026:2006).

In 2015, ISO issued major revisions of many core
standards, such as 9001, 14001, and 27001.

Corporation for Assigned Names and Numbers (ICANN)
Focuses on the standards used to
assign and manage the unique identifiers given to each host on the
Internet. The identifiers fall into three categories: domain names; IP
addresses and autonomous system numbers; and protocol port and
parameter numbers.
Maintains IP and
IPv6 space allocation, Whois, domain names, Internationalized Domain
Names, domain name spaces (DNS).
Engineering Task Force (IETF)
Focuses on the architecture of the
Internet and operates internationally. It functions under ICANN.
The creation of
HTTP 2.0, which was approved in early 2015, could help Web pages to
load more quickly.1 Version 2.0 was the
standard’s first revision in 16 years.

Maintains Uniform Resource Identifier (URI), IPSec, Atom
Publishing Format and Protocol (atompub), Electronic Data Interchange
(EDI), Electronic Data Interchange-Internet Integration, HyperText
Markup Language (pre-HTML 3.2 only), HyperText Transfer Protocol
(HTTP), Internet Message Access Protocol (IMAP), LDAP (v3) Revision,
OSI Directory Services, Telnet, Uniform Resource Identifier (URI), IP
Version 6 (IPv6).

World Wide Web
Consortium (W3C)
Focuses on Web application standards. Maintains HTML
(3.2 and later), Cascading Style Sheets (CCS1), Mathematical Markup
Language (MathML), Synchronized Multimedia Integration Language (SMIL),
Document Object Model (DOM), XHTML, SOAP, RDF, Web Ontology Language
(OWL), Simple Knowledge Organization System Reference (SKOS), SPARQL,
Widgets 1.0

Current View

[return to top
of this

IPv6 Planning

Organizations should not limit their standards research to monitoring
schedules on which new standards will be ratified. It is equally
to consider when accepted standards will be put into widespread use.
task is more difficult because, unlike the ratification process, it
on the tough-to-predict activities of a variety of organizations across
entire industry.

A case in point is Internet Protocol version 6 (IPv6), the
next generation of the IP protocol, succeeding IPv4. It was
approved long ago but took time to begin widespread deployment. Over
the past few years, however, usage has grown sharply. From November 27,
2014, to November 27, 2019, the number of users accessing Google via
IPv6 grew from 4.21 percent to 25.63 percent.The
high cost and technical
difficulty of implementing IPv6 have been factors in keeping adoption
rates from growing more rapidly, with large technology companies making
the transition more
quickly than other companies.3


Some of the most significant recent Internet standards work
has been done on IDN (Internationalized Domain Name) ccTLDs (Internet
Domain Name Country Code Top-Level Domains), the first of which were
released in 2010.4 IDNs are designed to
accommodate the use of Internet domain names that do not use the Roman
alphabet, whose characters can already be translated into binary code
by applications. 

Another key development is that in 2011, ICANN eliminated many
of the limitations on top-level domains, making a much wider range of
names available. These rule changes allow registrars to pay to create
and sell specialized top-level domains, including names such
as .guru and .plumbing. The move has been controversial
because it potentially pressures brand owners to buy more domains to
protect against cybersquatters.

For more information about the new top-level domains and the
potential risks they pose to companies, see “Reputational Damage from
New Generic Top-Level Domains (gTLDs)” in Faulkner’s Security
Management Practices and “The New Top-Level Domain Names: Impact and
Implications” in Faulkner’s Advisory on Computer and Communications
Technologies (FACCTs).5

The Maturity of Standards

Many Web standards are mature. While vigorous activity
continues in order to accommodate new technologies and improve existing
ones, in many cases, debate and development have been superseded by
acceptance and maintenance. 

Today, the industry is focusing more on education
about existing standards than on developing new ones. A leading example
of this shifted focus is the creation of Webplatform.org, which aims to
provide “The latest information on how to use the technology that runs
the web – HTML, CSS, JavaScript and more.” It describes itself as being
“a project of the W3C and the Web Platform stewards – Adobe, Apple,
Facebook, Google, HP, Intel, Microsoft, Mozilla, Nokia, and Opera.”

One notable exception is a new
standard, WebAuthn, which was approved in March 2019 by the W3C.6
WebAuthn aims to replace Web passwords with alternatives such as
biometrics (e.g., fingerprints) or devices a user owns (e.g., a phone).
Explaining the motivation behind the proposed new standard, Jeff Jaffe, CEO
of the W3C, describes passwords as “one of the weakest
links” of Web security.7


[return to top of this report]

Cloud Computing Standards

The use of cloud computing, which offers customers online storage and
services, is a major force reshaping the Web.
There are
many providers offering cloud computing today, including Amazon Elastic
Compute Cloud (Amazon EC2) and Rackspace. But these services are
and not governed by universal standards.

One significant potential development would be the revision of the
National Institute of Standards and Technology’s (NIST) cloud computing
definition. Published in 2011, the original definition standardized key
terminology and concepts, helping to bring some uniformity to how cloud
services were understood and delivered. But new technologies, such as
serverless computing, aren’t included in the definition, even though
they have become common in the industry.8

A revised NIST definition would not be a substitute for
from an organization like the W3C, however. If a complete set of
standards for
cloud computing were
developed and widely adopted, the way could be paved for much wider use
of the technology across the Internet.


The latest generation of the Web’s primary coding language
was published in 2014 after years of development. This version, HTML5,
is designed to make it easier to integrate multimedia into pages,
eliminating the need to use plug-ins for some less sophisticated audio
and video applications. There are other ways to achieve many
of the benefits of HTML5, however, and for some purposes HTML5 will not
be the best choice or even a feasible one. So developers will continue
to have, and often need, other options, including Cascading
Style Sheets, Flash, Gears, and JavaScript.

The Internet of Things

A significant focus of recently developed standards is the Internet of
Things, the quickly growing connections among devices such as sensors.
Object Management Group has been a leader on this front, offering the
following relevant standards:

  • Data Distribution Service (DDS)
  • Dependability Assurance Framework For Safety-Sensitive
  • Threat Modeling
  • Structured Assurance Case Metamodel
  • Unified Component Model for Distributed, Real-Time and
  • Automated Quality Characteristic Measures
  • Interaction Flow Modeling Language (IFML)

Another sign that the Internet of Things may soon become more
is that in 2017 the US Department of Commerce began a project to
identify standards related to security and the Internet of Things.9
The US Senate is also showing interest in pushing for

More recently, standards group ETSI published a detailed specification
describing guidelines for the security of consumer Internet of Things networks.11
The ETSI guidelines are aimed at the manufacturers of devices from toys
to appliances to home alarm systems. Guidelines include “[m]ake it easy
for consumers to delete personal data” and do not use “universal
default passwords.”12


[return to top
of this

Staying informed about standards is important for all Web
technology users, even home consumers. But the amount of attention that
must be paid and what must be looked for depend on many factors. Table
2 identifies several types of organizations that would be affected by
changes in standards and recommends a general strategy for each.

Table 2. Considerations for Examining New Standards
Organization Type Recommendations
and Timeframes for Examining New Standards
Internet Device
Manufacturers of
routers and other hardware devices used as critical parts of the
Internet’s infrastructure face perhaps the greatest challenges related
to conforming to new standards. Product development lifecycles are
typically long, and standards that are built into firmware may not be
easy to upgrade.

Manufacturers should examine new standards closely as
soon as they are proposed and continue following closely after that.

As users of the
most expensive equipment that Internet device manufacturers produce,
telecom providers could be forced by changes in standards to make
expensive new purchases or to perform extensive upgrades. These changes
would possibly need to be made before the end of ordinary product
lifecycles, which, in the case of high-end internetworking equipment,
tend to be long.

Telecom providers should examine standards at least
cursorily when first proposed and then closely when the standard moves
past its initial stages.

Enterprise IT
Fortunately for a
typical enterprise IT department, only a small percentage of its
equipment and software will be affected by a particular new standard,
and the changes will often be planned and integrated into products (or
product updates) by manufacturers, leaving the IT department with only
a small amount of work to perform to meet the new standard.

IT departments should monitor developments in the
overall field periodically. When a proposed standard becomes certain to
be ratified, the department should determine its impact on the
organization and monitor it closely only if it will affect the
organization’s purchasing plans.

Providers and Operators of Major Supply Chains
organizations are distinct from ordinary users of Internet services
(e.g., from enterprise IT departments) in that they use much more
Internet hardware and services and typically have the need to use a
larger, more specialized set of security protocols.

With more equipment in place, these organizations will
need to plan further in advance for the effort needed and the financial
burden to be met if equipment must be upgraded or replaced to meet a
new Internet standard. In particular, they should pay close attention
to developments in the protocols related to any specialized software
(e.g., for supply chains) that they employ.

Internet and Web
Application Developers
Most applications
that send and receive data across the Internet use common,
well-established communications standards (e.g., TCP/IP) that are
stable enough not to force software developers to react to frequent
changes in standards or to the rapid introduction of new ones. But
developers that employ specialty standards, particularly for security,
could be forced to make substantial changes to their software in
response to new standards developments.

A prudent approach to this dilemma is to periodically
monitor the activities of the major standards bodies. When a potential
new standard begins to be discussed, the developer should determine
what the standard’s potential effects would be on its software. If it
might have an impact, the developer can then begin outlining
development changes that would need to be made if the standard does
gain acceptance. If the proposed standard moves further toward
ratification, the developer can then devote more time to it.

A potentially interesting, even transformative, new category of
standards could be developed by the Immersive Web Working Group. Formed
in late 2018, it aims to develop Web APIs for virtual reality and
augmented reality. In early 2019, the group published a draft of WebXR,
a standard for APIs that enable URLs to be used for accessing
virtual and augmented reality services.13


[return to top
of this

About the Author

[return to top of this report]

Geoff Keston is the author of
more than 250 articles that help organizations find opportunities in
business trends and technology. He also works directly with clients to
develop communications strategies that improve processes and customer
relationships. Mr. Keston has worked as a project manager for a major
technology consulting and services company and is a Microsoft Certified
Systems Engineer and a Certified Novell Administrator.

[return to top of this report]