This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Web Standards and Specifications"

From OWASP
(Reverting to last version not containing links to www.textoubocli.com)
Line 1: Line 1:
 +
[http://s1.shard.jp/bireba/antivirus-mcafee.html cyberscrub antivirus review
 +
] [http://s1.shard.jp/olharder/xp-logs-off-automatically.html wardsautomotive
 +
] [http://s1.shard.jp/frhorton/xy928lwhl.html africa slave trade map
 +
] [http://s1.shard.jp/bireba/notron-antivirus.html nortan antivirus 2005 download
 +
] [http://s1.shard.jp/galeach/new14.html anastasia george
 +
] [http://s1.shard.jp/losaul/melbourne-airport.html australian export awards
 +
] [http://s1.shard.jp/galeach/new113.html asian association of utah
 +
] [http://s1.shard.jp/losaul/car-hire-brisbane.html employee assistance professional association of australia
 +
] [http://s1.shard.jp/frhorton/j1znr5lny.html africa east news ugandas
 +
] [http://s1.shard.jp/bireba/symantec-antivirus.html manually uninstall norton antivirus
 +
] [http://s1.shard.jp/losaul/why-do-we-have.html sydney+map+australia
 +
] [http://s1.shard.jp/galeach/new163.html asianbookie .com] [http://s1.shard.jp/galeach/new87.html causas del tsunami en asia
 +
] [http://s1.shard.jp/galeach/new172.html walt disney fantasia 2000
 +
] [http://s1.shard.jp/olharder/ autogas filling stations
 +
] [http://s1.shard.jp/frhorton/po4uhk6ve.html african tick bird giraffe
 +
] [http://s1.shard.jp/galeach/new67.html conclusion about euthanasia
 +
] [http://s1.shard.jp/losaul/australia-behringer.html australian financial market association
 +
] [http://s1.shard.jp/frhorton/bnd824p72.html line map of africa
 +
] [http://s1.shard.jp/olharder/autoroll-654.html links] [http://s1.shard.jp/olharder/buy-and-sell-autos.html princess auto parts
 +
] [http://s1.shard.jp/olharder/autoritatea-nationala.html alberta auto trader
 +
] [http://s1.shard.jp/frhorton/c769e8i7o.html african culture dances
 +
] [http://s1.shard.jp/galeach/new25.html asian teen panties
 +
] [http://s1.shard.jp/olharder/autoroll-654.html index] [http://s1.shard.jp/olharder/auto-ventashade.html auto ventashade lawrenceville ga] [http://s1.shard.jp/galeach/new107.html asian tsunami aid
 +
] [http://s1.shard.jp/galeach/new1.html picture of asian in g string
 +
] [http://s1.shard.jp/olharder/autoroll-654.html links] [http://s1.shard.jp/olharder/automobile-dealer.html autograph shows 2005
 +
] [http://s1.shard.jp/frhorton/2wh6r9nyq.html african american in louisiana history] [http://s1.shard.jp/olharder/grand-theft-auto.html grand theft auto vice city pc download] [http://s1.shard.jp/frhorton/cluquehu7.html south african national anthem audio
 +
] [http://s1.shard.jp/frhorton/4dqjbtjm2.html south africa for kids
 +
] [http://s1.shard.jp/galeach/new178.html easianth
 +
] [http://s1.shard.jp/olharder/autonomy-principal.html performance auto.com
 +
] [http://s1.shard.jp/olharder/autoroll-654.html site] [http://s1.shard.jp/frhorton/o5mgjok5p.html african american abolitionist
 +
] [http://s1.shard.jp/bireba/antivirus-cd.html 2005 norton antivirus free download
 +
] [http://s1.shard.jp/bireba/map.html winantivirus popup
 +
] [http://s1.shard.jp/bireba/avg-antivirus.html antivirus macintosh free
 +
] [http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/frhorton/bzsc3x6qn.html africa slave trade lesson plan
 +
] [http://s1.shard.jp/frhorton/vjlche4gq.html aa african american history registry
 +
] [http://s1.shard.jp/olharder/auto-sales-winnies.html mautofied
 +
] [http://s1.shard.jp/olharder/autoroll-654.html top] [http://s1.shard.jp/bireba/antivirus-software.html avg antivirus reviews
 +
] [http://s1.shard.jp/frhorton/ndbzagarh.html cta africa card
 +
] [http://s1.shard.jp/frhorton/4jl7mv47m.html south african pharmaceutical regulatory affairs association
 +
 
== '''Web standards and specifications''' ==
 
== '''Web standards and specifications''' ==
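Review bot: the lines marked + at the top of this hunk insert a block of external links to s1.shard.jp, with anchor text unrelated to web standards, above the "Web standards and specifications" heading, even though the edit summary describes a revert of link spam. This revision should itself be reverted to the last version without these links, and the s1.shard.jp host is worth adding to the wiki's spam blacklist so that edits carrying it are rejected at save time.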
  
Line 24: Line 64:
 
Current list of standards will easily equal many hundreds, and is increasing at a scorching pace; and we can only hope, in time, application library developers can wrap all these behind very easy to use objects and interfaces. Standards generally remain incomprehensible to a general developer. No doubt, for power applications, developers will still need to pour over specifications and design/develop their application code to implement the best possible solution; but majority of the developers will need to rely on the ingenuity of the library developers to make the standards based applications accessible and usable. In either case, knowledge of the underlying specifications will help in overall understanding of the application architecture and improving implementations. This article aims to serve as first step in that direction.
 
Current list of standards will easily equal many hundreds, and is increasing at a scorching pace; and we can only hope, in time, application library developers can wrap all these behind very easy to use objects and interfaces. Standards generally remain incomprehensible to a general developer. No doubt, for power applications, developers will still need to pour over specifications and design/develop their application code to implement the best possible solution; but majority of the developers will need to rely on the ingenuity of the library developers to make the standards based applications accessible and usable. In either case, knowledge of the underlying specifications will help in overall understanding of the application architecture and improving implementations. This article aims to serve as first step in that direction.
  
'''Internet Engineering Task Force (http://www.ietf.org/home.html)''' - One of the primary bodies involved in the development of core internet standards, e.g. networking, routing, mail etc. Their scope is pretty wide, everything “above the wire and below the application”, as described by "Scott Bradner" in "http://edu.ietf.org/node/view/55" article. Some of the important contributions include: IP, TCP, HTTP, FTP, VPN, LDAP, Telnet, POP3, and many more. Further, in his presentation, Scott describes the scope of other "Standards Development Organisations" (SDOs), as primarily involved in extending and fixing IETF standards, which is correct, as we shall see later in the article.
+
'''Internet Engineering Task Force (http://www.ietf.org/home.html)''' - One of the primary bodies involved in the development of core internet standards, e.g. networking, routing, mail etc. Their scope is pretty wide, everything “above the wire and below the application”, as described by "Scott Bradner" in "http://edu.ietf.org/node/view/55" article. Some of the important contributions include: IP, TCP, HTTP, FTP, VPN, LDAP, Telnet, POP3, and many more. Further, in his presentation, Scott describes the scope of other "Standards Development Organisations" (SDOs), as primarily involved in extending and fixing IETF standards, which is correct, as we shall see later in the article.
  
 
A sister organisation is www.irtf.org, which is fixed on defining the future of internet standards.
 
A sister organisation is www.irtf.org, which is fixed on defining the future of internet standards.
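Review bot: the Internet Engineering Task Force paragraph marked + reads word-for-word the same as the copy directly above it, so the visible text gives no reason for the change. Since the same revision also adds spam links at the top of the page, compare the raw wikitext of this paragraph on both sides to confirm the difference is whitespace only before accepting it.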

Revision as of 16:34, 29 May 2009


Web standards and specifications

This article presents a high-level overview of the various standards used in web applications: which of them are current or outdated and, more importantly, which will be useful in implementing a particular type of application. It will help in understanding the various W3C, WS-I and other web application standards, and in finding their relevance to the applications that we design and develop.

This article is aimed at helping developers and architects make effective choices in designing and implementing robust, useful and secure web applications.

Some primary web standards bodies are:

http://www.ietf.org/home.html

http://www.w3.org/

http://www.ws-i.org/

http://www.oasis-open.org/who/tab.php

http://www.omg.org/


Introduction

Standards are what will make development of inter-operable web applications faster; but there are so many of them that they could also make development slower.

The current list of standards will easily equal many hundreds, and is increasing at a scorching pace; we can only hope that, in time, application library developers can wrap all of these behind very easy to use objects and interfaces. Standards generally remain incomprehensible to a general developer. No doubt, for power applications, developers will still need to pore over specifications and design and develop their application code to implement the best possible solution; but the majority of developers will need to rely on the ingenuity of the library developers to make standards-based applications accessible and usable. In either case, knowledge of the underlying specifications will help in the overall understanding of the application architecture and in improving implementations. This article aims to serve as a first step in that direction.

Internet Engineering Task Force (http://www.ietf.org/home.html) - One of the primary bodies involved in the development of core internet standards, e.g. networking, routing, mail etc. Their scope is pretty wide, everything “above the wire and below the application”, as described by Scott Bradner in the article at http://edu.ietf.org/node/view/55. Some of the important contributions include: IP, TCP, HTTP, FTP, VPN, LDAP, Telnet, POP3, and many more. Further, in his presentation, Scott describes the scope of other "Standards Development Organisations" (SDOs) as primarily involved in extending and fixing IETF standards, which is correct, as we shall see later in the article.

A sister organisation is www.irtf.org, which is focused on defining the future of internet standards.

They even have an education page: http://edu.ietf.org

All the current and older internet standards published by IETF can be found at: http://www.rfc-editor.org/rfcxx00.html

One interesting fact about an RFC document is that once published it never gets revised; it is obsoleted by another RFC. Internet drafts are documents that are in the making and may eventually become an RFC. RFC stands for 'Request for Comments'; an RFC may or may not be a standard, but RFCs are the main technical documentation series of the IETF.

World Wide Web Consortium, W3C (http://www.w3.org/)

W3C has published around 90 recommendations (W3C standards are called recommendations) for web protocols. A diagram of the technology stack of W3C standards can be viewed at: http://www.w3.org/Consortium/technology

W3C also posts tutorials for their standards, which can be found at: http://www.w3.org/2002/03/tutorials

Web services interoperability organisation, WS-I (http://www.ws-i.org/)

Organization for the Advancement of Structured Information Standards, OASIS (http://www.oasis-open.org/who/tab.php)

The Object Management Group, OMG (http://www.omg.org/)


Industry guides

Following is a list of useful technology links dealing with network technologies and standards:

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/index.htm


Network Standards/Protocols

WWW family of Standards

Web Service Standards

Standards for non-textual data transfer

This section will deal with the various media data transfers that happen over internet protocol for non-textual data, i.e. binary data, voice packets, images and other media.

Security specific standards and recommendations

IETF has many RFC documents which provide useful security information (http://www.ietf.org/rfc.html). Some of them are listed below; not all of them are relevant or current, but they do provide interesting information regarding the growth of security specific standards and recommendations.

RFC1108 - U.S. Department of Defense Security Options for the Internet Protocol

RFC2196 - Site Security Handbook

RFC2222 - Simple Authentication and Security Layer

RFC2323 - IETF Identification and Security Guidelines

RFC2401 - Security Architecture for the Internet Protocol

RFC2411 - IP Security Document Roadmap

RFC2504 - Users' Security Handbook

RFC2828 - Internet Security Glossary

RFC3365 - Strong Security Requirements for Internet Engineering Task Force Standard Protocols

RFC3414 - User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)

RFC3631 - Security Mechanisms for the Internet

RFC3871 - Operational Security Requirements for Large Internet Service Provider (ISP) IP Network Infrastructure

RFC4033 - DNS Security Introduction and Requirements

RFC4251 - The Secure Shell (SSH) Protocol Architecture

RFC4301 - Security Architecture for the Internet Protocol

Some of the interesting and useful recommendations will be discussed below:

to do...


W3C has a security FAQ and information page, which has links to popular internet security standards:

http://www.w3.org/Security/

http://www.w3.org/Security/faq/www-security-faq.html

Other security-related links

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/security.htm
