W3C technical updates

Presenter: Seth Dobbs
Duration: 20 min

2024 TPAC Plenary Session

Seth Dobbs

TPAC 2024
Anaheim CA, USA
hybrid meeting
23–27 SEPTEMBER 2024

I just want to first say welcome everyone.

I want to thank you all for coming to TPAC this week, to coming to this session.

Yeah, welcome everyone.

It's been great to meet a bunch of you so far already.

I've had some really great conversations, hearing people's excitement about the future, hearing concerns, all the kinds of things really I want to hear about and talk about.

Really great, my first TPAC, and to just feel the energy that's here and see everything that's happening even in spite of a power outage.

Awesome to see even many of you carrying on in darker spaces or outside.

Really impressed by all that and hearing just all the great work that's getting done.

So really happy to be here.

Before I get underway, I want to thank our TPAC sponsors.

They really, I really appreciate them helping make this big event possible.

So a big thank you to Amazon Web, Google, and Igalia.

Thanks so much for the work you do and for supporting us here.

So, we're doing a plenary instead of a separate AC meeting.

There was some discussion after the AC meeting earlier this year and just thinking about what to do here.

And we decided to make it just a short plenary session.

A lot of the material really would be of general interest to everyone.

I know many of the AC reps actually want to be in the working meetings.

We didn't want to take too much time away.

So really, I'm just here to share information for everybody.

Agenda

1. W3C Technical Agenda Updates

  • Security & Privacy; Accessibility; Internationalization; APIs

2. Corporate Updates

  • Finance; Team; Membership Survey

3. Board of Directors Election Results

So the agenda, a few quick items here, and we'll get into the details.

First, some updates around the technical agenda.

Updates from, provided to me from the TAG chairs as well as the team.

Key things that we thought would be of general interest that are ongoing and, or soon to come events.

Then I'll provide some corporate updates on finance, on some team updates, as well as some preliminary information based on our membership survey.

And then last, and keeping everyone in suspense, I will be talking about the board of directors and the new board of directors.

So, starting with the technical stuff with so many of you gathered here heads down on the working groups.

Kind of focused on your individual work.

Wanted to make sure we had some time to talk about some of the bigger picture items.

And so again, this is really a lot that the TAG chairs have provided me.

And just as a reminder, the TAG continues its program of design review.

It continues working on findings, on design principles, other documents to support people and developers that are building new technologies for the web.

TAG - Ethical Web Principles

Underpinning the TAG's design principles and other technical work

Ethical Web Principles

So to start that, I just want to emphasize the ethical web principles.

This is our first formal statement going through process here.

Very excited about that.

I think our ethical web principles are an important aspect of what we do.

I think it helps align all the work that we do and all the different groups with our higher level mission and vision and values.

And it helps bring all of that together.

And I think it really also underpins the TAG's design principles and all the technical work they help direct.

So very excited on the process this is going through just to become a statement.





Security & Privacy

Imperatives for a safe web

I want to spend a lot of time though talking about security and privacy.

I think these are where a lot of big challenges, not just as technicians, not just as the consortium, but even as individuals and users of the web.

I think we're faced with a lot here.

And it makes sense, right?

The population of online users continues to grow rapidly, becoming more essential to the lives of so many in the world.

But because of this, it creates a lot more desire and opportunity to put the web to misuse, whether or not deliberately.

So the question is, how does the web help ensure that people aren't flooded with disinformation, with misinformation, that they're unable to distinguish from authentic information, and how do we prevent attacks and sort of just encourage the safety that's one of our core principles?

So, I'll start with a quote from our ethical web principles and then go into some of the detailed work.



“Society relies on the integrity of public information. We have a responsibility to build web technologies to counter misinformation and to maintain the integrity of information for public good. The public needs verifiable source and context information to recognize trustworthy web publishers and content.”


W3C Ethical Web Principles

The idea is that society relies on the integrity of public information.

And so we have a responsibility to build web technologies to counter misinformation and to maintain the integrity of information for public good.

So the public needs verifiable source and context information so we can recognize trustworthy web publishers and content.

So important work, and this is key to all of us, again, as technologists, as standards developers, and web users, and it's a big challenge.

There's so much change going on.

The web, as we continue to grow, is a massive target.

And so we've had a lot of sessions actually earlier in the year in the AC, in April, on this.

I'll cover on a couple of those and some new events.

AI-driven risks & threats

AI can provide many benefits but is also bolstering security and privacy threats:

  • Copyright threats
  • Misrepresentation / mis/disinformation
  • Deepfake
  • Rapid code generation could accelerate attacks, other misuses of the web

So, it wouldn't be a technology conference in 2024 without talking about AI briefly.

There are a lot of risks and threats.

These are not just AI driven, but I think in some ways AI is accelerating the profile of many of these.

There are absolutely many positive uses of various forms of AI, but this is the security and privacy section.

So I want to really talk about, elevate some of the concerns because they're general concerns, again, not just AI, around copyright threats, around misrepresentation, mis- and disinformation.

Deepfake technology continues to get frighteningly good.

And I think a lot about how just the AI code generation makes it faster to develop code, which means it's faster for bad actors to generate attacks and present new hazards for us even as we try to build out a safer web.

And again, there's a lot of sources of all of this.

Paths Forward

So looking particularly at the middle to the disinformation, misrepresentation, and deepfake, I want to talk about some of the paths forward.

First, in general, we have a GitHub discussion going on on where AI intersects with the web and what we might want to do about it.

I encourage you all to join that conversation if you have any kind of interest there.

Second, though, earlier this year, Leonard Rosenthol in April, of Adobe, in April, presented on C2PA in content credentials.

This is a project whose mission is to develop technical specifications that can establish content provenance and authenticity at scale.

So that really important key there, to give publishers, creators, and consumers the ability to trace the origin of media.

And so in part, it's important their efforts are actually well aligned with some W3C principles and work, and in fact, building on some of the work, I believe, from W3C's Text and Data Mining (Reservation Protocol) Community Group.

And we had a breakout, I think earlier today, on authenticity and the web, focusing on organizing a workshop on this topic for next year.

So some good resources there for those that want to go deeper into it.





Digital Identities

Rapid increase in scope and scale

Digital identities is a big area.

This is continuing to increase in scope and scale as all of us have phones and other web access around the world.

Digital identities have been in, in development in various forms for decades, but I think one of the interesting things is that governments are getting more interested in managing and in being even sources of digital identities.

So becoming both providers and consumers of the technology.

And that creates an even greater potential for the web to change, and really to change the concept of digital identity as we know it.

So given the scope and scale of this innovation and, and just how it's impacting the world and impacting our web, you know, in particular, privacy and other things have just become really key as I think about it.

And we just have to continue to think about the balance in our ecosystem of convenience versus security and privacy.

And there will always kind of be a balance we need to, to make sure we land in, in the right place on.

Identity Insights and Work

So more resources on this.

Simone Onofri is the editor of an excellent document on Identity and the web.

It looks at both the market and the human side of identity and the various potentially conflicting needs.

At this point, it's helping to share our understanding of current and some expected impact of developments linked to identity.

There's also a very recent draft report published by the Web Platform Incubator CG on digital credentials.

And it talks a lot about an API to enable user agents to mediate access to, and presentation of digital credentials such as a driver's license or government issued identification card.

And I'll talk a little bit more about some of those concerns in a minute.

But last here is a draft Federated Identity working group charter is in process to develop specifications to enable users to authenticate and an identity or present a credential or some kind of set of claims in a way that's compatible with other protocols and remain supportive of user security and privacy and user agency in making decisions around that.

Identity - Safety & Privacy

  • User agent support of selective sharing
  • Viable for multiple stakeholders
  • Work in conjunction with other protocols and formats

So, as we look at all these developments and all the demand that's growing, safety and privacy, you know, needs to be top of mind as we embrace our principles safely enabling all of these identity related interactions.

It's going to require some new thinking, some new mechanisms, some changes to existing mechanisms, and allowing the user agent to really allow individuals to select identity information just relevant to a given transaction, such as assertions, credentials, or specific attributes.

I think these mechanisms need to be also viable for the issuers, for the identity providers, verifiers, relying parties to exchange information as securely and privately as possible.

So it's a complex ecosystem, a lot of different stakeholders with different needs that we need to balance as we do this work.

We're not alone in this work, there's protocols and formats being developed elsewhere, including ISO, IETF, OIDF, but the web platform layer needs to be standardized as well, and provide a secure and privacy preserving API framework that is both agnostic to but compatible with all these different other identity requests and response protocols and formats.

So, definitely an area where we need to work in partnership with some of our peer organizations.

Identity and Privacy Challenges

Imagine a transaction with the government (needing a passport for clearing customs, or an identification to purchase liquor.)

  • How does a user feel comfortable sharing information with the requestor?
  • How does the requestor trust the provided id?
  • How does the user ensure only the information needed is shared?

I talked a little bit briefly about government identity and I want to dig a little bit deeper into the work that we're doing here because I think it, it just, this scenario raises a lot of questions as we think about developing the standards and building technology on those standards.

If we think about, you know, the idea of government identity, of using passports, driver's license, other government issued IDs, there's a lot of benefit that could be used or that could be garnered from having a side credential for government use.

What if a government agency website could access all your signed credentials as needed and biometrics to support asserting your own identity in a government related transaction?

There could be a lot of ease and a lot of convenience in doing that.

But as we start thinking about implementing that, this requires both identity security for you, in other words, the government trusting that you're who you say you are and you or your user agent, you're you or your user agent being able to discern if the requester is actually the agency that they say they are so that you can have that trusted handshake of information, that mutual verification of identity and provenance.

But there's also a big question of privacy, because most of our government issued IDs have a lot of personal information associated with them that you might not want to share in any given transaction.

And so as we think about a government ID, we need to enable that targeted, controlled access to our identity, the data minimization principle in privacy.

For example, a dual national might only want to share one ID as they're going through some particular government transaction for whatever reason.

Or maybe if you're providing an ID to buy alcohol, you may not want your address being communicated as part of that simple age check, which right now actually with physical medium, people can see all of that.

So, as we start really digging into the hard work of developing and implementing government and other sort of related IDs, we do need to embrace the privacy principle that allows, that keeps people at the center of the decision making in these transactions of what kind of personal data actually gets shared.

Privacy - Moving forward

So a lot of work to do on privacy, thinking about some of the next steps.

The TAG has recently released their recommendation on third party cookies.

There's a lot of work to do here, but I think a key aspect of this finding is about finding the balance between current expectations of our users.

Particularly ones that improve the user experience, and there are many.

And making sure that user privacy, that agency that I just talked about, is also honored and respected in the process.

So, they're suggesting, in this recommendation, an approach of using technologies that are designed-for-purpose to meet these two different points, these almost conflicting needs and find that balance.

They've cited FedCM as a good example of working on this.

I think there's also an important notion that APIs and solutions in this space, each API might in itself provide sort of a minimal risk surface.

But, we also need to be thoughtful as we build sort of a set of APIs and possibly disparate development communities that they don't in combination allow people to exploit them in ways that we wouldn't want it to be exploited.

So it's a fairly complex space as we think about moving into an API world to do that.

But to support all this, we have our privacy principles and these are also going through a statement process.

I encourage those that haven't seen that, absolutely worth reading through.

It starts off with getting down to the basic definition of what do we mean by privacy on the web.

So we're all on the same page as we look at the principles.

And then, it outlines design principles for spec authors, user agent developers, and web developers to help make sure we all get the guidance we need in ensuring privacy in the work we do.

So with this and the appointment of Tara Whalen as our Privacy Lead, we're now poised to really dig in harder on privacy.

And I'm looking forward to the progress we make on this crucial area.





Horizontal Updates

All right, a few other technical updates on the horizontal front.

First, Internationalization.

There's no big sort of headline with internationalization.

There's just a lot of work that's been going on and worth highlighting.

So I want to mention, we continue to just do the important work of layout requirements and other support for different languages and scripts around the globe.

And in the recent months, we've actually published layout requirements for 35 scripts, which is fantastic.

Just continuing our goal to keep analyzing and filling the gaps in the support of languages from around the world.

This recent work includes additional support for scripts like Lao, Canadian Aboriginal Syllabics and Devanagari.

So, great work on the internationalization front.

Accessibility Updates

  • WCAG 2.2 headed to ISO
  • Publishing WCAG2ICT in October
  • AI and Accessibility
  • Accessibility staffing

We also have a lot going on in the accessibility world as well.

We're in the process of submitting WCAG 2.2 to ISO.

So, this is actually a really important step because there are parts of the world, many several countries that actually are able to leverage ISO standards but not actually use W3C standards.

So, this is actually a great channel to continue to promote good accessibility practices around the world.

And I'm excited that's happening.

We're also planning on publishing the WCAG, the WCAG2ICT, lots of letters in there, WCAG2ICT information in October.

And, this is really about applying WCAG beyond just what we do today to mobile apps, to documents, software, and other information.

It's some work that's been going on, but we're really putting together all the information and communication technologies into this publication.

And this is going to help support a lot of organizations that have accessibility requirements, may already be leveraging WCAG to extend those principles and standards into other media as well so they can continue to meet their compliance needs.

AI and accessibility, we have some work going on there.

The W3C's Research Question Task Force for the Accessible Platform Architectures Working Group is documenting opportunities as well as issues with accessibility of machine learning and generative AI.

So looking more forward to some of the updates there as well.

And then last, as staffing, as you'll see in a minute, we've been building up team, including on the accessibility front.

Part of that is to continue to support working group priorities, but also helping just enhance our broader mission, supplementing the work of the volunteer editors so we can just, you know, help make the standards work, progress the work faster through the system.

We can also just excel at mission-critical aspects, like providing high quality translations of W3C accessibility resources and tools, to support organizations around the world in meeting their accessibility goals.

So big thanks to the accessibility groups that are working on that, as well as the team.

Advanced APIs

TAG continuing focus on advanced APIs across multiple implementors.

Important and needed features should be developed with our principles in mind

And then advanced APIs.

I think the last thing the TAG chair thought was worth mentioning is how the TAG is continuing to focus on advanced APIs and helping ensure that they're designed to get adoption across multiple implementers, like all, all the work that we try to do.

Meaning that the advanced API developers should avoid the temptation of browser dependent web apps and, really look at being webby, right?

There's a lot of important features, I think, being developed here.

But embracing the principles of our web, of our standards, you know, needs to be an important part of this as well.

Making sure they're open and interoperable, and honor all our horizontals in the process of developing them.

Getting Involved

Interested in more on any of these subjects, please reach out to TAG and Team


TAG election coming soon!

A lot of ways to get involved.

All of these things together, I think, just demonstrate some of the need for us to work together across these horizontals, across all these other works and make sure that we're aware of stuff happening in some of the groups.

We can't talk about everything that's going on in a short plenary, but hopefully that gives you some ideas of some of the key work that I think affects all of us that's happening right now.

If you have thoughts on these subjects, if you're interested in getting involved, or just want a better understanding, reach out to TAG, reach out to the team.

Follow some of the links that I've included in the deck and there's a lot of ways to get plugged in.

And one very important way to get plugged in is the upcoming TAG election.

So, I encourage you all to start thinking now about who you might want to put forward or if you yourself would like to become a part of the TAG.

We believe more candidates just can result in, in better outcomes because it gives a lot of choice, a lot of discussion about what's important for the TAG.

We also think diversity is very important.

We keep striving to make sure the TAG, as best as we can, represents the diversity of the web users themselves.

So, a lot of work to do there.

More announcements coming soon, but if you have questions about being in the TAG, please ask Dan Appelquist or anyone in the TAG.

There he is, waving his hand for us.

He's even pointing out where he is, so thank you, Dan.

He's happy to answer any questions as the rest of the TAG is.

And while there's a bit of commitment there, the TAG does a great job of being flexible around scheduling, knowing it's a global group.

And I think they do really good work there to make sure they just get the best out of everybody.

So, appreciate how that's run.

And let's see, there will be four seats open, so there'll be some good opportunity for new people to run, as well as people to rerun.
