|
|
| CARVIEW |
For the 8th year in a row, we are coordinating an Inclusion Fund ahead of TPAC 2025, our annual conference, and for the first time we are expanding it to include a W3C Invited Experts support fund. The goal is to reduce barriers for participants who are contributing positively to the work of W3C groups, but who require financial support to be more actively involved.
The funding initiatives contribute to the W3C stakeholder strategy, as outlined in the 2025-2028 Strategic Objectives and Initiatives. This is being spearheaded by Sylvia Cadena, who I hired as Chief Development Officer last year. We were able to secure nearly US$ 70,000 through sponsorships by W3C, GoDaddy, Igalia, Microsoft, as well as donations and a contribution that people can choose to add when registering to TPAC 2025.
To better align with our stakeholder strategy objective, the eligibility criteria this time put the emphasis on established contributors, in particular editors, chairs and those participating in elected bodies. Prioritization continued unchanged: under-represented groups, to improve diversity of background, gender, experiences, expertise and skills.
We received 67 applications. 26 matched the eligibility criteria, passed our screening, and were approved by our selection committee. We were able to allocate funding in a 50/50 split (13 awardees in the TPAC Inclusion Fund, 13 awardees in the Invited Expert Support Fund). This year we were able to fund almost 4 times as many awards than all previous 7 years combined!
There was significant interest from applicants who were overall very diverse. We can report there is equitable balance among the awardees, with broad under-represented groups/region/gender representation:
- 15 women, 9 men and 2 gender-diverse individuals.
- 12 from Europe (6 economies), 10 from North America (2 from Canada and 8 from the United States) and 4 from Asia Pacific.
- 4 experts are originally from or had experience working in economies from the global majority.
- 19 experts are independent, while the other 7 are employed by W3C members but were not able to secure funding support from their employer.
- Several of the experts are people living with a disability, and the fund will provide additional support in that regard.
Within the awardees we noted a wide representation of skills and knowledge, with a good mix of technical expertise — including some with rare skills — and UX design expertise, The group also includes a number of people with lived experience of disability, which is critical for W3C's web accessibility work. The group also includes individuals contributing to our security and privacy work.
Sheila Moussavi (PWE CG), Hidde de Vries (AB), Matthew Atkinson (TAG) and Tamsin Ewing (W3C Team) served in the selection committee, and I want to thank them for their support. The initial screening was conducted by Team members, Coralie Mercier, Christine Gefaell and Sylvia.
This effort is one facet of our Stakeholder Outreach strategy, which calls for improving our overall effectiveness through reinforcement of relationships with existing stakeholders as well as new relationships that can help further advance our mission.
TPAC is one venue where the work of our groups is accelerated. We hope that all 26 awardees can participate at TPAC 2025 and that they experience a fulfilling event and find a way to stay engaged in the work. With such diverse skills and backgrounds, their contributions will certainly lead to better and more inclusive design, increase the quality of participation, collaboration and discussion at TPAC 2025 and beyond.
We want to encourage donations and sponsors to boost their financial contributions for the continuation of these efforts, so that we are able to open our work to more people, aiming ultimately to address the representation and participation gaps that prevent the diversity of the whole world to be reflected in web standards. We invite you to contribute generously.
Photo by Denise Jans on Unsplash
Some of you may know that I host the “Principle Driven Leadership” Podcast, so in a sense, I am in my element in this blog post because the essence of the podcast is how to lead through principles and the importance of providing vision in order to grow, resolve problems effectively and create durable results.
With that in mind, I am excited that the W3C Advisory Board has published as a W3C Statement the document Vision for W3C, which articulates W3C’s core vision for the web. W3C Statements provide a stable reference for documents that W3C Members formally endorse after review. “Vision for W3C” defines the values of W3C’s mission as well as the shared principles that guide our decisions for the web, as new technologies enable new possibilities. I can not emphasize enough the importance of vision. Vision matters. It is my first core principle of leadership (the second and third being “leaders resolve problems” and “leaders create more leaders”), because vision drives impact.
Vision, paired with robust guiding principles, enables organizational alignment and begets positive outcomes. These key words describe a virtuous positive cycle: Clear vision and stated common outcomes (the “why”), and refined principles that drive forward motion (the “how”), create the alignment required for an organization to reach durable and sustainable success.
W3C’s vision provides our community that clarity: it is that the web is for all humanity, it is designed for the good of all people, it must be safe to use, and there is one interoperable world-wide web.
Our operational principles encompass user-first, multi-stakeholder, diversity, thorough review, consensus, royalty-free and voluntary implementation, open participation, transparency, interoperability, incubation, decentralization, and collaboration. These principles stake out the path towards the sustainable success of W3C.
Furthermore, the core sections on vision in “Vision for W3C” and the aforementioned operational principles for W3C, are the drivers behind the Strategic Objectives and Initiatives that we developed and made public last month. Vision enables purposeful change, and “Vision for W3C” is what underpins W3C’s mission. In all of our four strategic objectives, we will be centering our guiding star on the impact W3C has. That will ensure that we navigate challenges and opportunities in a way that fulfills our mission of making the web work, for everyone, by bringing together global stakeholders to develop open standards that enable a World Wide Web which connects and empowers humanity.
I want to thank and acknowledge the individuals and our collective community for bringing this foundational document to life. I see this as a key component of leading the World Wide Web Consortium.
Blog post illustration: Telescope, by Daniel Appelquist
Today, W3C is pleased to announce the publication as a W3C Statement of Vision for W3C. W3C Statements provide a stable reference for documents not intended to be formal standards but that have been formally reviewed and are endorsed by W3C.
Vision for W3C articulates the World Wide Web Consortium’s core vision and operational principles, with goals to:
- Help the world understand what W3C is, what it does, and why it matters
- Communicate shared values and principles of the W3C community
- Be opinionated enough to provide guidance and a framework for making decisions, particularly on controversial issues
- Be timeless enough to remain relevant without needing frequent revision, while being open to evolving based on the needs of the community
The World Wide Web Consortium, as a community leader in defining technical standards and guidelines for a World Wide Web that connects and empowers humanity, has a role to provide a neutral open forum where diverse voices from around the world work together by consensus. The web has had a tremendous impact on the world, and its impact will continue to grow in the future as it expands reach, knowledge, education, and services even more broadly.
Vision for W3C was produced by the W3C Advisory Board (AB) as a work item that it has been tracking as a priority since 2021, and builds on the W3C Technical Architecture Group’s excellent Ethical Web Principles, as it fits into the same framework and promotes many of the same goals. Where Ethical Web Principles focuses on the “what” - what we produce - Vision for W3C focuses more on the “how” - by writing down core operational principles. We are grateful to the AB Members, W3C Member representatives and W3C Team Members who joined them in the Vision Task Force, for shepherding this important work.
A few weeks ago we released to the public the initiatives for 2025-2028 that will support W3C’s strategic objectives. Both Vision for W3C and Ethical Web Principles provide the foundational basis upon which to envision how to exercise our social responsibilities through rigorous consideration of accessibility, internationalization, privacy, and security.
Written in the spirit of taking responsibility to address the impact of our work, Vision for W3C defines the values of W3C’s mission and the shared principles that guide our decisions as new technologies enable new actions and new possibilities. Vision for W3C allows us to take deliberate steps to address the many harmful unintended and undesirable consequences that arose from the web’s amazing success, and to continue to provide the consistent architecture that enables a World Wide Web that works, for everyone.
This week some W3C staff members, including myself, will contribute to a series of conversations about the future of identity on the web at the Global Digital Collaboration in Geneva. The timing is great from a W3C perspective because we have recently published multiple specifications that I believe will contribute to the next chapter of identity on the web.
Verifiable Credentials 2.0
Credentials such as driver’s licenses, passports, diplomas, and payment methods all play an important role in our daily lives. In a growing number of situations, people want to exchange these credentials digitally, and governments are beginning to push for interoperable technologies to support the demand. The foundation of trust in a credential ecosystem is that parties can cryptographically verify these credentials. I lead W3C’s security activities, and so am particularly focused on the secure exchange of these credentials.
In May, W3C published version 2 Recommendations of the Verifiable Credentials family of standards (see the press release). These standards enable the secure, privacy-respecting, and cryptographically verifiable expression of digital credentials.
For flexibility across a broad range of applications and governmental mandates, the new standards support a variety of encoding schemas (e.g., JSON-LD, SD-JWT). The Verifiable Credentials family also provides multiple ways to attach or embed cryptographic proofs to claims. Because the crypto landscape is quickly evolving, the standards are designed to be “crypto-modular” to accommodate emerging cryptographic approaches such as Post-Quantum Cryptography (PQC) and Zero-Knowledge Proofs (ZKP). With selective disclosure and the capability to combine multiple credentials into verified presentations, this model ensures secure, efficient, and privacy-preserving user data management.
Digital Credentials API
The unifying goal of the standards is to empower people to exchange verifiable information securely, privately, and seamlessly on the web. But how do people exchange these credentials, for example, when prompted by a site to provide a national identity? That is the role of the Digital Credentials API, conceived in the Web Incubator Community Group, and now on the standards track in the Federated Identity Working Group. That group published the First Public Working Draft on 01 July 2025.
The Digital Credentials API enables websites to request credentials, and for users to consent to return credentials that they carry around in digital wallets. Above, I said “seamlessly” and that’s where the user agent (browser typically) plays a critical role. The user experience of understanding what is being requested by a site, selecting from among relevant credentials, consenting to share the credentials, and getting new credentials from issuers (e.g., universities, the department of motor vehicles, a bank) must be excellent, and the browser is uniquely positioned to support that experience.
Because the Digital Credentials API has been incubated for some time, both Google and Apple are already shipping early implementations, so people can check out demos and conduct experiments. This experimentation will inform the evolution of the specification.
This is only the First Public Working Draft, and the Working Group still needs to address some important security and privacy issues. For example, one of the hot topics is how to balance data privacy with the ability of the user agent to create a secure credential selection experience. Although the Digital Credentials API already expects credentials to be encrypted and signed by wallets (before being handed back to the user agent as output from the Digital Credentials API), there are ongoing conversations about the role of unlinkability for data input to the API. There is more work to do on this and other topics, and I encourage people to join the Federated Identity Working Group discussions.
The ecosystem
As I mentioned, the APIs being standardized at W3C involve interactions with wallets. The current W3C expectation is that the wallet ecosystem will be enabled by a broader ecosystem of operating systems and standards from partner SDOs, including the FIDO Alliance, OpenID Foundation, IETF, and ISO. A lot of the current push for all of these parties to work together comes from the European Union’s Digital Identity Wallet (EUDI) initiative. A number of large-scale pilots are underway, and they will inform the ultimate EU regulation around the wallet ecosystem.
The Open Wallet Foundation has organized next week’s Global Digital Collaboration to bring together the broader ecosystem, including governments interested in open standards for wallets, certification programs, and a role for governments. W3C is one of the event’s co-organizers, and W3C staff will host sessions on Threat Modeling Digital Wallets, focusing on Privacy, a Holistic Security view for Digital Identities, one focused session on the Digital Credentials API, and one for W3C Verifiable Credentials.
My colleagues and I look forward to joining these conversations to represent core values of the W3C mission, such as those reflected in recent W3C Statements such as Privacy Principles for the Web and Ethical Web Principles. For example, a core principle upheld in the W3C APIs is that users maintain control over their digital identities, which need not correspond directly to their legal identities. W3C emphasizes enabling users to present multiple identities across contexts, including ephemeral or anonymous identities, when necessary. User agents (such as browsers or other user interfaces) thus play a critical role in mediating interactions between users and online services, dynamically ensuring digital privacy and security. This approach balances user protection from undesired identification while facilitating intentional recognition, in simultaneous pursuit of both privacy and usability.
I look forward to sharing my experiences from the conference in a follow-up post.
Icons by Flaticon.com
I joined the World Wide Web Consortium at the end of 2023, the year it was established as a US 501(c)(3) public-interest non-profit organization. After meeting the people (staff, W3C Members, collaborators from the community, etc.), taking stock of what the almost-thirty-year-old organization needed to be stronger, and to plan our efforts to move the world forward through the web platform, I then started expanding our connections to liaise with organizations and counterparts. We used the whole first semester of 2025 to iterate and finalize W3C’s strategic objectives and thematic initiatives spanning the next 3 to 5 years, that I’m pleased to introduce publicly today.
We will be centering our guiding star on the impact W3C has, to ensure that we navigate challenges and opportunities in a way that fulfills our mission of making the web work, for everyone, by bringing together global stakeholders to develop open standards that enable a World Wide Web which connects and empowers humanity.
W3C’s impact is through its broad mandate and all-encompassing methodology: since our founding 30 years ago, W3C has played an essential role in driving to trustworthy global solutions by creating trustworthy international standards that rigorously consider accessibility, internationalization, privacy, and security. From our continued work on web standards stems a single, open, interoperable platform that interconnects humanity. That is our impact.
The following commitments serve to illustrate by way of examples the four strategic objectives for W3C:
- Even though the web caters to over 5 billion people, the gap represented by the digital divide is increasing and we must consider what a “web for all” truly means and how to sustain expanding our support.
Strategic objective: Diversify our support
→ Ensure we have access to appropriate resources to protect our future even in the face of change. - We want our trusted gathering place to welcome more far-seeing technical experts and advocates about, and for, the web, so our standards work must consider the impact it has on the world.
Strategic objective: Enhance our impact
→ Direct our standards work through a framework that enables us to qualitatively and quantitatively define, analyze, and communicate the impact W3C intends to have. - Owing to our role in educating and promoting awareness of ethical and principled behaviors on the web, we must increase relationships with policymakers and regulatory bodies to advise on technical aspects and ensure that our values are represented, and to ensure we understand their needs as they impact the work that we do.
Strategic objective: Broaden our footprint
→ Expand our reach to involve communities and community representatives to ensure a truly world-wide perspective. - And finally, while the landscape of our work has changed significantly in large part because of the work of our community, we must examine how well-prepared and organized we are to face these challenges and perform the necessary structural evolution and operational optimization.
Strategic objective: Solidify our structure
→ Ensure W3C is set up to be a more resilient, adaptive, and durable organization to deliver on our mission well into the future.
These long-term objectives will be supported by five strategic initiatives that the W3C Team will execute and track over 2025-2028:
- Structural evolution: Ensure that our underlying structure and processes are fit for purpose and can effectively enable our future work.
- Impact framework: Enable W3C to qualitatively and quantitatively define, analyze, and communicate the impact we have on the world.
- Stakeholder outreach strategy: Improve our overall effectiveness by reinforcing and enhancing relationships with existing stakeholders (e.g., W3C Members, implementers, web developers, etc.) as well as finding new stakeholders that can help further advance our mission.
- Technology strategy: Maintain relevance through a focus on navigating technology evolution and newly emerging web and web-adjacent technologies.
- Policy engagement: Provide expertise and insight from our community to governing bodies and policymakers to ensure future policies are better informed by our collective knowledge and values.
In summary, we should work towards diversifying our support, finding new stakeholders that can contribute, and strengthening existing work with membership to rapidly adapt to and mitigate risks posed by our rapidly changing environment, while strengthening our organization’s structure and operations. Our positive impact will help ensure we attract more people to shape and strengthen the web, and grow ourselves in the process so we can further the virtuous circle. By adopting initiatives that support strategic objectives, we can truly realize our vision of making the web work, for everyone – a web designed for the good of its users, that is safe and secure.
I invite you to read World Wide Web Consortium (W3C) 2025-2028 Strategic Objectives and Initiatives, a public document streamlined from a document that the W3C Board of Directors approved a few weeks ago, following W3C Team and Members iteration and review.
The Board of Directors has open seats that can be appointed by the Board of Directors itself for two-year terms. The Development Committee has been considering what skill areas the current Board needs to level up. We are seeking the community’s help in order to identify candidates who might fill those gaps.
Based on self-assessment of the current Board Directors, we believe the Board would significantly benefit from increased financial skills, legal acumen, and fundraising experience. We have additionally identified that connections to other standards-defining organizations would be beneficial, as well as improving our geographic balance - in particular, our current Board Directors under-represent North America in terms of geographic distribution of our members.
As a reminder, the Board maintains documents on the role of the Board as well as the expected skills and expectations for Directors.
We are looking for suggestions of potential Board Director candidates who might improve our collective skills. We would particularly encourage suggestions of people with experience on non-profit boards, especially of national or international organizations.
We want to ensure we have a broad candidate pool. If you have any, we would encourage you to send suggestions of candidates to board-appointee-suggestion@w3.org. This list reaches the W3C Board of Directors Development Committee and W3C Officers. You may self-nominate or suggest other people. Please, be as specific but also as brief as you can.
Please note this is not an election. As part of the appointments the Board will discuss, and select candidates to explore further with (if any) based on how well they would round out our collective skills to improve the Board.
Photo by Annie Spratt on Unsplash
Continuing the series that puts the emphasis on the key areas that help ensure that the Web works, for everyone, this month I am diving into Web security. It is one of the key areas that we call “horizontals” and that shape every W3C work package because they involve approaches that are common to all work groups. Our horizontals are Web accessibility, internationalization, security and privacy.
The imperative
Creating a more trustworthy web and protecting user privacy is fundamental to creating a web that works, for everyone.
Privacy, along with Security, are integral to human rights and civil liberties, and are essential to the success of the web platform. Today, so many of the features of the web and its usage involve information about people and their communications that privacy must be considered consistently across the design of the entire platform. The human factors and the sociotechnical aspects add additional complexity.
To affirmatively realize the privacy of people using the web and address privacy threats that have already arisen requires us to operate in an interdisciplinary and global space, and to develop dedicated privacy features.
How W3C approaches privacy on the web
Following the mid-2000s W3C work on Platform for Privacy Preferences (P3P), the W3C Team in 2011 identified the need to strengthen the foundations of trust on the web for communities large and small to access and share data, and made it an area of focus in 2011. The evolution then trended toward significantly more intense collection, processing, and publication of personal data.
We follow a recipe that is simple but which details are of importance:
- Review the privacy of web standards
- Advise W3C groups developing standards to mitigate privacy issues
- Develop some private technology standards
Horizontal reviews are conducted for privacy of proposals and specifications under development by other W3C Working Groups and Community Groups, and of charters for other W3C groups. Related to that is advising groups developing standards on how to avoid and mitigate privacy issues with web technologies.
The other main component is the standardization of new technical mechanisms that improve privacy on the web, including work moving from incubation when there is a basic technical design, significant implementer interest and activity.
The W3C Privacy Working Group undertakes the former and a lot of the latter. The rest of the privacy-focused features specific to technical work covered by another Working Group are typically best developed in those Working Groups, alongside related technical features.
In focus: Global Privacy Control, Private Advertising
Global Privacy Control (GPC) defines a signal, transmitted over HTTP and through the DOM, that conveys a person's request to websites and services to not sell or share their personal information with third parties. This standard is intended to work with existing and upcoming legal frameworks that render such requests enforceable.
W3C launched the Private Advertising Working Group
in late 2024, motivated by the Ethical Web Principles W3C Statement, to specify web features and APIs that support advertising while acting in the interests of users, in particular providing strong privacy assurances using predominantly technical means.
If you wish to know more about ongoing work, I suggest you take 8 minutes to watch the Privacy talk my colleague Tara Whalen, W3C Privacy Lead, gave early April 2025.
W3C Statement: Privacy Principles
The Privacy Principles were elevated in May 2025 to W3C Statement, which means that although the document is informative and not a formal standard in nature, it creates a stable reference that has received formal review and endorsement from W3C Members.
The document provides definitions for privacy that are applicable worldwide as well as a set of privacy principles that aim to guide the development of the web as a trustworthy platform.
You can read more in Tara Whalen’s blog post on the W3C Statement: New Privacy Principles for a more trustworthy web.
"Privacy" by Rob Pongsajapan, licensed under CC BY 2.0
Protecting user privacy is fundamental to creating a web that works for everyone. Last week, W3C published its Statement on Privacy Principles, in support of furthering this goal. This document defines some foundational privacy concepts and provides a set of privacy principles to guide web development. We hope this guide will enhance the community’s understanding of privacy, illustrate ways of realizing it in practice, and inspire a vision of the trustworthy web that we can create and sustain together.
Last December, W3C published its first ever Statement, on Ethical Web Principles. The Privacy Principles Statement continues this series, focusing specifically on the considerations required for creating a web that respects people’s privacy. This milestone is significant: W3C Statements are documents that have been formally reviewed and endorsed by W3C's membership as a whole. The Privacy Principles document was developed over three years and incorporated feedback and contributions from the W3C community, and is now accepted as a W3C Statement to indicate our collective stance on the fundamental importance of web privacy and how to achieve it in practice.
I first started working on privacy with W3C in 2012 (as one of the original co-chairs of the Privacy Interest Group) and I have seen first-hand how users’ online privacy has evolved over the years, both in terms of new opportunities as well as new challenges. During this time, a lot of helpful privacy material has been produced, such as a guide on mitigating browser fingerprinting (to reduce the risk of user tracking) and a questionnaire to assist specification authors and reviewers in improving the level of privacy and security of their designs. The Privacy Principles Statement complements this body of work by providing a more general document that includes core privacy concepts as well as overarching guidance that ensures privacy is built into the foundations of web technologies.
Privacy is a very broad topic. In order to reason about privacy on the web, and therefore provide actionable guidance, it’s first necessary to define what we mean by privacy in the context of the web. That’s why this document begins with an introduction to privacy on the web, covering topics like data governance, individual autonomy, deceptive patterns, consent, opt-out and privacy labor, as well as the role that browsers (user agents) play in safeguarding web users. This provides context for the actionable principles, each of which is marked with the audiences that it's most relevant to: websites, user agents or API (web technology) designers.
It’s also important to consider how web technologies interact with social and policy aspects in the privacy realm. The regulatory environment, for example, is constantly evolving and has significant implications for the data protection of users around the world. One of the goals of the Privacy Principles Statement is to support online privacy regulations; the document is written to address both technological and policy considerations and hopefully help achieve some alignment between different regulatory regimes. Because the discussions around online data can sometimes become complex, the document includes several short, concrete examples to illustrate privacy risks and possible mitigations – for example, handling geolocation information or managing children’s services.
It’s taken a lot of work from many members of the W3C community to get these Privacy Principles to this stage, and I want to acknowledge their hard work and dedication. This document is the result of sustained effort by the Privacy Principles Task Force (a group representing a wide range of web stakeholders, convened by the W3C Technical Architecture Group), with particular credit to its Chair Daniel Appelquist and to the document editors, Robin Berjon and Jeffrey Yasskin. Additional thanks are due to all of the people who constructively engaged in discussions about web privacy–some of them over several years!–that were instrumental in producing a Statement that accurately reflects our collective privacy vision for the web.
While we’re taking a moment to celebrate the publication of this document, we acknowledge that the work is far from over. We’re eager to hear feedback about the Privacy Principles, which we can use to improve and expand our future documentation. And of course we encourage you to put the principles into practice as we build a better web!
The Publishing Maintenance Working Group (PMWG) is pleased to announce the final update of the W3C Recommendation for EPUB® 3.3.
The publishing community has thoroughly tested these Recommendations. When presented for publication, support was unanimous among responding W3C Members. It is encouraging that several reviewers indicated that they produce or plan to produce products that use this specification.
Corrections made to EPUB Recommendations
This update introduces no new features. The changes clarify the language and bring it in line with related specifications. The PMWG reports:
- We fixed the epub:type attribute not allowed on links in SVG;
- We clarified the requirements for SVG embedded by inclusion and by reference; and
- We fixed our white space definition for the fixed layout viewport meta tag. This disallowed form feed, avoiding potential rendering issues.
What’s next for EPUB3?
The PMWG’s work continues with the next major revision to the EPUB 3 family of Recommendations. This upcoming version will add new normative features to the specifications. For more information, please refer to the Publishing Maintenance Working Group Charter.
The WG will take on these tasks:
- Ensuring a good experience when reading in dark mode
- Considering adding support for HTML in the EPUB package, and
- Standardizing practices for content like footnotes & endnotes.
New Task Forces: Digital Comics, and EPUB Annotations
The Digital Comics Task Force will explore how EPUB can better support comics creators and readers. This would include webtoons, manga, graphic novels, and similar content. Digital comics are often read as a continuous scroll on mobile devices. They are not usually separated into pages like a typical ebook. The TF will develop scrolling specifications for both ebook producers and ebook reading systems. Another important feature of manga and webtoons is serialization. Digital comics need new metadata so that people can find the next installment of their favorite manga.
Currently, people can annotate EPUBs within a reading system. But the annotation remains with the platform, not the publication. There are use cases for annotations stored within an EPUB package. Researchers could access their notes from multiple devices, and potentially export the annotations. Teachers would be able to share their perspective with students. Annotations are valuable in legal documents, too. Ebook reading platforms could benefit from making it easier for people to switch accounts. An EPUB Annotations Task Force will look into adding this long-requested feature to EPUB.
Accessibility in EPUB
The Accessibility Task Force and the Fixed Layout (FXL) Accessibility Task Force will continue their work. The FXL Accessibility Task Force is developing a techniques document. It will include specific models and examples. Since the current FXL EPUBS cannot be fully accessible, the TF will incubate ways around this with new technology. Additionally, they are tasked with bridging EPUB metadata to library and other publication data systems. This will ensure that people can find an ebook that suits their reading needs.
The Accessibility Task Force topics include moving from WCAG 2.0 to 2.1 or 2.2 as the floor specification. They will also look at metadata. New metadata is needed to identify publisher contacts for accessibility issues. The TF intends to develop a way to deterministically identify content by type. With that in place, people will know if they can access an ebook’s content.
Contact the group's co-chairs if you have an interest in one of these TFs and would like to contribute to the new EPUB specifications.
EPUB 3.4 working drafts
The Working Group has published the first working drafts of the EPUB 3.4 specification below. At this moment, the initial Working Drafts are essentially identical to the 3.3 versions, but the Working Group plans to evolve these documents to a standard in about two years.
Congratulations to Matt Garrish, main editor; co-chairs Wendy Reid, Shinya Takami; co-editor and W3C staff contact Ivan Herman; and the entire Publishing Maintenance Working Group for this update.
You know the feeling. You’re in a product meeting, skimming GitHub issues, or catching up on another EU regulatory proposal, and you realize there’s something missing in how we’re building for the web. Maybe it’s a technical shortfall, maybe it’s a user experience no one’s nailed yet, or maybe it’s a whole category of use case the current standards aren’t touching with a ten-foot pole.
That’s where the W3C Exploration Interest Group (IG) comes in.
We’re not a working group. We’re not here to define normative specs. We’re here to connect the dots between the real world and the standards world and to ask better questions before jumping to answers. Think of us as the early R&D lab for identity, authentication, and trust on the web.
Why this group, and why now?
If you’re building for the web, navigating its policy landscape, or just trying to make something interoperable, this group’s for you. Why? Because web identity is in flux. Cookies are on the way out. Federated login flows are being rebuilt. Browsers are experimenting with new APIs. And regulators? They're not exactly standing still either.
If we want a web that works for real users, across real use cases, we need more people at the table who can say:
“Here’s what’s happening in production, and here’s what we still don’t understand.”
That’s what the Exploration IG is here for: to find the gaps, to make space for disagreement, to spotlight use cases that standards groups haven’t prioritized yet, and to build the bridges that might become working group charters down the line.
What we’re exploring?
We don’t have a single-track agenda—but here’s the kind of stuff that gets us talking:
- Technical gaps between browser implementations and web specs
- Emerging wallet models, identity credentials, and federation flows
- Use cases that span trust frameworks, sectors, or jurisdictions
- Fragmentation risks when multiple standards solve the same problem differently
- Regulatory signals that need a better technical response
Contribute your ideas!
Our GitHub repo is public, and we actively welcome ideas and discussion there; this is an open forum, and everyone is welcome to contribute their ideas. If you see something in the wild that standards groups should be thinking about, bring it to us. Whether you’re an implementer, a researcher, a policymaker, or someone with a stubborn browser bug and a vision, open an issue. We want to hear from you. And if it turns into a recurring collaboration, we’d be delighted to have you join the group.
Some of the best conversations start with “I’m not sure this fits anywhere else."
And that’s exactly the kind of conversation we want to have. So if you’ve ever felt like there’s something important that doesn’t quite have a home in the standards process yet, maybe it belongs with us.
We meet every other week and organize sessions around topics raised by the community. Join us. Listen in. Bring your questions. Or just open an issue and see what happens.
The WebDX Community Group started work in 2022 to make it easier for developers to track the list of features that are widely available and those that are under development.
Since then, the Community Group has been busy developing the open-source web-features project, a shared catalog of features of the web platform, and the Baseline status to give developers clear information about which of these features work across a core browser set. Baseline badges have now been integrated in Can I Use, MDN, RUM Archive Insights, RUMvision and others. Watch the Baseline web features for the win video (September 2024) for a quick dive into the web-features project.
Today, we are happy to announce that the WebDX Community Group has reached a new milestone: most keys defined in the @mdn/browser-compat-data project (BCD), which powers support tables in MDN pages and contains the most complete set of fine-grained features defined in web specifications, have been mapped to 1000+ higher-level features in the web-features project. This provides a first nearly complete catalog of web features, along with their Baseline status. The catalog is available through the web-features package in the npm registry.
This effort would not have been possible without significant contributions from, and collaboration with, organizations such as Open Web Docs, MDN, browser vendors, and many others! Many thanks to them and to organizations that provided support in the background so that group participants could do the work.
Plotting browser support data in the catalog shows the evolution of the web platform in terms of number of features and Baseline status within browsers from the first release of Safari in June 2003 (95 features) to the end of February 2025 (1006 features), and the relative split between features that are implemented somewhere (328 as of February 2025), Baseline Newly Available (150 as of February 2025), and Baseline Widely Available (528 as of February 2025). Please keep in mind that the support data only covers browsers of the core browser set (Chrome, Edge, Firefox, Safari) and that the notion of Baseline only becomes meaningful once all these browsers have shipped a first version (after July 2015 for the Baseline Newly Available status, after January 2018 for the Baseline Widely Available status).
Evolution of the web platform in terms of number of features implemented in browsers
The list of features will of course keep growing as new features get discussed, standardized and implemented across web browsers. The group also expects to refine existing mappings, to further improve tooling (including the <baseline-status> web component to display the Baseline status of a web feature), and to work with browser vendors, maintainers of libraries, documentation and services to integrate web-features where it matters for web developers.
If you want to learn more about the project and provide feedback, you are welcome to attend the breakout session about web-features that Patrick Brosset, co-chair of the WebDX Community Group, will lead during Breakouts Day 2025 on 26 March 2025 (time still to be defined).
If you want to contribute and improve the developer experience of the web platform, please join the WebDX Community Group or bring your input to the web-platform-dx/web-features GitHub repository.
The W3C Security Web Application Guidelines (SWAG) Community Group seeks to make it easier for developers to leverage security features that are often complex in their application development.
SWAG launched in June 2024 after the W3C Workshop "Secure the Web Forward". One of the workshop’s findings, and some accompanying developer research presented there, is that web developers are generally unsure about security and their role in ensuring that web apps are secure. This group’s mission, therefore, is “to increase the overall security of web application development by writing security best practices for web developers and providing a platform for stakeholder collaboration.” In the same manner as that workshop, SWAG is intended to be connected to other organizations that share a similar mission, such as the OpenSSF Best Practices Group, OpenJS Foundation, and OWASP.
One of the first results of SWAG’s efforts is a set of videos addressing the complexities of Content Security Policy and Trusted Types. These two features can be used as effective XSS mitigations but, unfortunately, are difficult to configure due to the breadth of the threats they mitigate and the fact that they are time-consuming to debug.
Six talks introduce open-source tooling developed from Google’s large-scale CSP and Trusted Types adoption work. These tools, which serve as a natural interface between developers and the specifications, provide actionable help in a tight feedback loop during the development cycle to reduce the uncertainty and complexity of configuring these best-in-class web security mitigations against XSS. The experience of Google engineers who have shipped strict CSP and Trusted Types to hundreds of web applications is distilled into tools that provide best practices and gentle guidance toward a more secure codebase.
SWAG meets every week and those talks were recorded during the meeting of 11 November 2024. The 6 videos are available via the "Security at W3C" playlist on W3C's YouTube channel.
I recently had the pleasure of speaking at several events during the World Economic Forum in Davos, Switzerland. This was a great opportunity to represent W3C and the power of international standards, particularly since the theme this year was “Collaboration for the Intelligent Age”.
W3C’s 30 year history of global collaboration to build open, free, interoperable standards for a single world wide web is a great example of the kind of collaboration our world continues to need in rapidly changing times. As such, it was good to see how much interest there is in interoperable international standards in general and in W3C’s participation in such conversations in particular. It was great to have the opportunity to talk about the positive and at times life-changing impacts that international standards can have, and to hear others outside of the standards community express their interest, support, and even the very need for international interoperable standards.
Key points:
- Interoperability: Alain Labrique (World Health Organization) expressed how interoperable standards for health information can save lives by enabling the exchange of critical information in a crisis. Earlier in the week I shared the importance of interoperable standards around validating the provenance of critical information during disaster relief efforts.
- Trust: there was much discussion throughout these sessions of the need to increase trust in the digital infrastructure and how openness, be it open source development or an open and royalty-free standards process such as we have at W3C, serves as a foundation for trust.
- Privacy: I don’t believe you can discuss identity, security, and trust without talking about privacy. In our privacy principles, W3C emphasizes the importance of individual autonomy and the need for user agents to adhere to privacy principles in order to ensure a trustworthy web.
Ultimately, international standards can enable trustworthy solutions that support local control and security while providing a framework for global trust.
We at W3C play a critical role in making this happen. Because of our long standing focus on enabling one web for all, and our current composition representing industry leaders, big and small, from around the world, we have the potential to influence global discussions involving the web. Because the web is embedded in many different aspects of society throughout much of the world, there are many conversations outside of W3C that can impact how the web is used and even how the web is shaped. This was the first time W3C was formally represented at an event during the World Economic Forum and the opportunities that these conversations bring to us are invaluable.
It’s important for W3C to be involved in those conversations, in large part because of our knowledge and that we are a hub for major and minor implementers around the world. It’s also important that our values are represented in these discussions. The web is more than just technology - it’s technology with the fundamental purpose of interconnecting humanity. Our human-centric focus is distinct in the world of Standards Development Organizations and as such we need to be helping to shape the future of the web wherever we can.
I made important contacts and already see opportunities for W3C to further step up, because If we don’t, there are plenty of other organizations, public and private, ready to fill the void to keep work needed by the world moving, but without the same dedication to our mission.
