Web Standards and Specifications

From OWASP
Revision as of 13:15, 12 July 2006 by Bikram (Talk | contribs)

Jump to: navigation, search

WASS: Web application standards and specifications

The current article will present a high level overview of the various standards being used in web-applications; which of these are current or outdated, and more importantly which of the standards will be useful in implementing a particular type of application. Basically, it will help in understanding the various W3C, WS-I and other web application standards, and find relevance for them in the applications that we design and develop.

This article is aimed at developers and architects to make effective choices in designing and implementing robust, useful and secure web applications.

Some primary web standards bodies are: http://www.ietf.org/home.html http://www.w3.org/ http://www.ws-i.org/ http://www.oasis-open.org/who/tab.php http://www.omg.org/


Introduction

Internet Engineering Task Force (http://www.ietf.org/home.html) - One of the primary bodies involved in the development of core internet standards, e.g. networking, routing, mail etc. Their scope is pretty wide, everything “above the wire and below the application”, as described by "Scott Bradner" in "http://edu.ietf.org/node/view/55" article. Some of the important contributions include: IP, TCP, HTTP, FTP, VPN, LDAP, Telnet, POP3, and many more. Further, in his presentation, Scott describes the scope of other "Standards Development Organisations" (SDOs), as primarily involved in extending and fixing IETF standards, which is correct, as we shall see later in the article.

A sister organisation is www.irtf.org, which is fixed on defining the future of internet standards.

They even have a education page: http://edu.ietf.org

All the current and older internet standards published by IETF can be found at: http://www.rfc-editor.org/rfcxx00.html

One interesting fact about an RFC document is that once published it never get revised; it is obsoleted by another RFC. Internet drafts are used to refer to documents that are in the making and may eventually become an RFC. RFC stands for 'Request for Comments' and they may or may not be a standard; but they are the main technical documentation series of the IETF.

World Wide Web Consortium, W3C (http://www.w3.org/)

Web services interoperability organisation, WS-I (http://www.ws-i.org/)

Organization for the Advancement of Structured Information Standards, OASIS (http://www.oasis-open.org/who/tab.php)

The Object Management Group, OMG (http://www.omg.org/)

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.