Global Standardization Activities

Vol. 18, No. 3, pp. 75–78, Mar. 2020. https://doi.org/10.53829/ntr202003gls

Activities at W3C Technical Plenary and Advisory Committee Meetings Week (TPAC) 2019 in Fukuoka

Yumiko Matsuura, Kiyoshi Tanaka, Shigeru Fujimura, and
Koichi Moriyama

Abstract

The W3C (World Wide Web Consortium) Technical Plenary and Advisory Committee Meetings Week (TPAC) 2019 was held from September 16 to 20 in Fukuoka, and this meeting was the second time held in Japan. The activities of the NTT Group related to development of web technology in TPAC are described in this article.

Keywords: W3C TPAC, web authentication, digital signage

PDF

1. Overview of W3C TPAC 2019 in Fukuoka

The Technical Plenary and Advisory Committee Meetings Week (TPAC) is an annual general meeting held by the World Wide Web Consortium (W3C), which is a membership-based international consortium of industrial and academic organizations involved in standardizing and promoting web technology. The days before and after the plenary session held on that Wednesday were filled with various activities related to standardization, including face-to-face technical discussions in the Working Group (WG) and discussions on the use of technology from a business perspective and technology that has been adopted in the Business Group (BG). TPAC 2019 was held at the Hilton Fukuoka Sea Hawk and was the largest ever, with over 640 participants and over 100 meetings and sessions.

The key topics of the plenary session included an announcement regarding Sir Tim Berners-Lee, inventor of the World Wide Web as well as the founder and centripetal force within the W3C, of his intention to step down as director. There was also a report on the proposal for the W3C to obtain legal entity status in January 2021, which has been discussed in various meetings as a means to achieve stable operation of the W3C, and members were asked to make preparations within their own organizations. Concerning the handling of intellectual property in the standardization process, a proposal for a policy of early confirmation of royalty-free implementation by each organization, which is currently required at the time of recommendation, was promptly confirmed to prevent reworking in WG discussions.

2. NTT Group activities

The NTT Group provided stable Internet connection service during the conference via NTT Communications and NTT WEST. Meeting participants included many individuals from many countries, and communication between members via the Internet for web conferencing, GitHub, etc. required a very fast and robust network environment. By continuously and reliably performing daily tasks such as monitoring during meetings and equipment inspection after meetings, the NTT Group contributed to the high evaluation of the meetings by participants.

3. FIDO authentication and the WebAuthn WG

The Web Authentication (WebAuthn) WG has been standardizing a JavaScript application programming interface (API) for web browser implementation of simple and strong web authentication based on the FIDOTM*1 model [1, 2].

The standardization of web authentication in the W3C began with the contribution of the basic specifications of the web part (draft) by the FIDO Alliance in November 2015. The FIDO certification model was made compatible with operating systems and browser platforms and officially recommended as Level 1 in March 2019. Level 2 is currently being formulated.

NTT DOCOMO and NTT laboratories joined the FIDO Alliance as a board member and a sponsor member, respectively. NTT DOCOMO has chaired the Consumer Deployment WG and FIDO Japan WG and is contributing to the formulation and popularization of FIDO certification specifications by providing summaries of issues and feedback regarding commercial introduction and improvement of the FIDO specifications.

Seizing the opportunity of getting together with key persons involved in web security and authentication at TPAC 2019, three initiatives from Japan were taken up to promote even more widespread application of the simple and robust FIDO authentication model in commercial services, including web authentication.

3.1 Demonstration booths

The NTT Group took the initiative to set up web authentication demonstration booths during the week of the meeting. The FIDO Japan WG and the Japan FIDO Alliance member companies also participated by demonstrating web authentication on smartphones, web authentication using personal computers and security keys, and the operation of an authentication device that uses the veins in users’ palms. By popularizing FIDO certification and introducing new first-in-the-world initiatives in Japan, we were able to demonstrate the appeal of password-less authentication.

3.2 Luncheon speech

On the second day, we conducted a 30-minute presentation entitled “Contributions from NTT and Japan Teams for Simpler, Stronger Authentication.” The presentation covered how NTT DOCOMO was an early adopter by using the FIDO specifications for d ACCOUNTTM*2 log-in biometric authentication since May 2015 [3] and initiatives of the NTT Group and Japanese companies regarding web authentication. Knowledge gained from world-first commercial applications and feedback for improving specifications were also presented along with ideas for moving forward. At TPAC 2019, which was held in Japan for the first time in a long while, a luncheon speech (a first for TPAC) describing valuable Japanese initiatives generated strong interest and lively discussion among several audience members (Photo 1).


Photo 1. Luncheon speech at the TPAC.

3.3 WebAuthn WG

In the WebAuthn WG, more specific feedback was offered, and there was discussion on formulating Level 2. The three main points were 1) current differences in browser implementations, 2) problems with the specifications for providing a frictionless authentication experience, and 3) best practices for effective use of the many options for implementing password-less authentication. We believe these efforts have increased the momentum of standardization activities for reducing the risk of unauthorized access originating in the online use of passwords.

*1 FIDO stands for First IDentity Online. FIDO is a trademark of FIDO Alliance.
*2 d ACCOUNT is a trademark of NTT DOCOMO, INC.

4. Web-based Signage BG

Web-based signage [4] is digital signage that uses web technology and features the implementation of services by simple installation of a web browser on a terminal. In the W3C, the Web-based Signage BG (co-chaired by NTT) began studies on the implementation of web-based signage in April 2012, starting with analysis of use cases, and has been discussing the implementation of the browser API required by services. The Web-based Signage BG meeting was held at TPAC 2019 for the first time in about two years. The history of the activities was reviewed, and it was confirmed that web-based signage has already been commercialized and is in use worldwide. Having achieved the initial goal of widespread use of web-based signage, the members agreed at the meeting to terminate activities of this BG.

5. Breakout session topics

One of the features of TPAC is “unconference-style” breakout sessions held on the day of the plenary session. Volunteer participants deal with all matters from setting the discussion topics to managing the sessions. The discussion topics can be very diverse, such as seeking broad audience perspectives on divided opinions within the WG, or proposing new topics for future discussion in the W3C. This time, 59 sessions were held with lively discussion, and up to 12 sessions were conducted simultaneously.

Of particular interest was the six related sessions presented by Google and Apple regarding browser privacy, including increased security risks and proposals for new browser security models. Behind this, IP (Internet protocol) addresses and cookies used for personalization in web advertising are considered personal information under the General Data Protection Regulation (GDPR)*3 and require careful handling. Another background issue is the considerable progress in browser fingerprinting [5] as a method of tracking users that does not use cookies and is more difficult to prevent.

It goes without saying that the protection of privacy is an important issue, and browser vendors are expected to propose new specifications based on the discussions held in these sessions in the near future.

*3 GDPR: European Union (EU) regulation for general data protection formulated by the European Parliament, European Council, and European Commission intended to strengthen and integrate data protection for all individuals in the EU.

References

[1] FIDO Alliance,
https://fidoalliance.org/
[2] WebAuthn WG,
https://www.w3.org/TR/webauthn/
[3] K. Moriyama, “Toward a Password-free World: NTT DOCOMO Efforts on d ACCOUNT Biometric Authentication Using the FIDO Standard and Future Prospects,” Denkitsushin (Telecommunications), Vol. 80, No. 840, pp. 13–19, 2017 (in Japanese).
[4] K. Tanaka, M. Nakamura, K. Suzuki, and K. Takegami, “Trends in Web-based Signage Standardization,” NTT Technical Review, Vol. 15, No. 8, 2017.
[5] N. Nikiforakis, A. Kapravelos, W. Joosen, C. Kruegel, F. Piessens, and G. Vigna, “Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting,” Proc. of the 2013 IEEE Symposium on Security and Privacy, pp. 541–555, Berkeley, USA, May 2013.

Trademark notes

All brand, product, and company/organization names that appear in this article are trademarks or registered trademarks of their respective owners.

Yumiko Matsuura
Senior Research Engineer, Supervisor, Universal UX Design Project, NTT Service Evolution Laboratories.
She received a B.S. and M.S. in computer science from Keio University, Kanagawa, in 1991 and 1993. She joined NTT Human Interface Laboratories as an engineer in 1993 and engaged in the development of multimedia systems and a content delivery platform. She was in the Research and Development Strategy Department twice, most recently she started collaboration with leading companies in industries such as automotive and manufacturing. As a result of organizational changes in July 2017, she is now at NTT Service Evolution Laboratories and is involved in research management on human understanding and interface design.
Kiyoshi Tanaka
Senior Research Engineer, Supervisor, Co-innovation Promotion Project, NTT Service Evolution Laboratories.
He received a B.E., M.E., and Ph.D. in communication engineering from Osaka University, in 1992, 1994, and 2005. He joined NTT in 1994 and since then has been engaged in researching video-on-demand systems and metadata-related interactive video systems and services, especially those related to IPTV and digital signage services. His current interests include standardization of digital signage. He is one of the co-chairs of the W3C Web-based Signage Business Group. He is also a member of the Institute of Electronics, Information and Communication Engineers (IEICE), the Human Interface Society in Japan, and the Institute of Image Electronics Engineers of Japan (IIEEJ).
Shigeru Fujimura
Senior Research Engineer, NTT Service Evolution Laboratories.
He received an M.S. in information science and technology from the University of Tokyo in 2005 and joined NTT the same year. Since then, he has been engaged in research on web mining and web engineering, especially on effective methods of implementing web applications. His research interest is data management systems using blockchain and smart contract technology.
Koichi Moriyama
Senior Director of Product Innovation, Product Department, NTT DOCOMO, INC.
He received a B.E. in electrical engineering and an M.E. in computer science from Keio University, Kanagawa, in 1992 and 1994. He is responsible for the innovation of NTT DOCOMO’s devices and platform software and for the partnerships that support NTT DOCOMO’s innovation goals, including those related to FIDO standards. Mr. Moriyama has previously held positions with Sony Ericsson Mobile Communications, Inc. and Sony Corporation. He was also a visiting research scholar at Georgia Institute of Technology, USA, while he was at Sony Corporation.

↑ TOP