Gemalto in the W3C : working to add more security to the web

Last updated: 28 November 2019

As the W3C celebrates the web’s 25th birthday, we continue to work with the developers of internet browsers, electronics manufacturers and internet service providers to imagine new use cases and features that could become part of the landscape of the world wide web.

We’ve been members of the W3C since 2011 and stand alongside Apple, Google, Mozilla, Microsoft, Intel, LG, Samsung, Qualcomm, Sony Mobile and many others in amongst its 400+ members. Non-developers may not be able to make much of the technical specifications discussed and developed by the group, but every time you use a browser, or hear about “HTML5” or “CSS3,” you are dealing with technologies designed at W3C. In other words, W3C is the web-place to be.

Today, digital business is driven by mobile and web applications. And one of the key problems for these businesses, is the challenge “write once, run everywhere” poses. The open web platform, as developed by the W3C from Sir Tim Berners-Lee’s original framework, has been trying to address this by standardizing the technologies used on the web.

Our objective in joining the W3C was to understand and influence the security built into the web. By ensuring the foundations of the web are robust, we believe that we (as an industry) can move more and more critical business functions onto that platform; taking a big step in standardizing the proprietary and fragmented environments many enterprises today have to deal with. We have been contributing to W3C activities on several separate tracks, from making technical contributions, to chairing working groups. I recently had the honour of being elected to the Advisory Board, working to support the legal, strategic and procedural aspects of W3C.

As an organization Gemalto has specifically been involved with chairing and contributing to chair the W3C Web Crypto Working Group. This group aims to deliver a dedicated library, to be implemented in all browsers, allowing web applications and websites to execute basic cryptographic operations. These functions are extremely important in an era where hacking service providers is becoming a major business for cyber criminals, and securing services on the web is therefore a must. The specification will be implemented in major browsers in 2015.

Another topic we’ve contributed to is the access web applications have to more secure functions. For example, how to allow a web application running on mobile device to access services or credentials residing in a SIM card, or a contactless card in the vicinity of the users’ device. This kind of feature raises the question of trust for web applications, and necessarily involves the user in granting permission for those operations – after all, who would like to have an application taking control of confidential information on smart cards without prior consent?

This very question will soon be discussed in our offices, in Paris, during a workshop gathering many of the key members of the W3C, including Apple, Google, Mozilla, Microsoft, Intel and more – full list here. I’ll post again following the discussion, as I have no doubt it will take us a step closer to an even more advanced and secure web.