This is a summary of some of my accomplishments at the W3C over the past two years
When I graduated from Caltech in the spring of 1995, I had very tough time choosing among several diverse career options. With my dual background in computer science and economics, I was torn between graduate school, software development, Wall Street, management consulting, technology marketing, etc... Luckily, I struck an ideal opportunity to help launch the World Wide Web Consortium at MIT which blended aspects of each of these careers. Even before graduating from Caltech, I joined on at MIT to work on Web Security standards and I branched out from there. I have seen the Consortium grow from three people to over thirty at MIT, INRIA in France, and Keio University in Japan. My formal role at the consortium has made a part of many W3C projects, and my informal role has kept me in touch with the rest, a unique position reflected in my editorship of the Web Journal.
Given my mix of talents and interests, it's less surprising in retrospect that in business, I'm positioned as a technical resource (such as my software development ventures and newswriting), while in this technical organization my business skills have been more leveraged: public speaking, meeting management, coordination with member companies' technical management, working closely with our project managers, helping set the direction of our internal management, press relations, and more. I want to become a graduate student to focus exclusively on technical and scientific side, since I have the rest of my professional life to develop my business skills.
At W3C, I have worked closely with almost every staff member, so it's hard to pick out just one or two people to prepare a recommendation. Even my direct supervisor, Jim Miller, has only overseen a portion of my activities here. I've decided, then, to ask Director Tim Berners-Lee alone to speak about my record here.
Web security has been my abiding interest at the W3C. Web security battles in the market were at their peak in spring 1995; I left school immediately to rush out to W3C to get started. Within three weeks, I formulated and presented our strategy to the Advisory Committee, and we've followed through with it by and large for the last two years. Over 1995, I drafted several technical proposals for adding security to HTTP, including the Security Extension Architecture (SEA) for our expert Security Editorial Review Board (Ron Rivest, Butler Lampson, Jeff Schiller and others). These results were presented to our member organizations' security experts at quarterly working group meetings around the world (seven at last count). I have also been tracking related developments in this area intensively. I've attended and spoken at several related professional conferences (RSA Data Security series, USENIX security workshop, DIMACS Workshop on Trust Management, National Research Council Information Systems Trustworthiness Project / Workshop on Rights Management).
In 1996, we focused on deploying the first part of the security plan, digital signatures. I outlined a novel approach to security based on signed assertions rather than digital signatures alone. I worked closely with Jim Miller to line up academic, commercial, and government support from a wide range of organizations. The DSIG meeting series dates back to April 1996 and represents our major success in the security arena. Recently, I have been working with project manager Philip DesAutels to write several key documents: the overall architecture, signature label design, and key technical specifications for the cryptography and label embedding. I have helped supervise a Master's student who has been implementing a trust engine which implements user policies based on signed assertions.
I have represented the W3C in other security-related projects at the IETF: DNS security, email security as it impacts HTTP/MIME, and Transport Layer Security, where I have been running the mailing list.
Electronic Payment was 'separated at birth' from Web Security. From the beginning, W3C has maintained parallel tracks of interested members on these two topics. During 1995, I worked with Philip and Jim to host several Payments WG meetings and edited overview papers and web pages. The first set of undergraduate researchers I supervised began working in this area, by simulating electronic shopping malls. Near the end of that year, Jim helped seed the idea of JEPI, the Joint Electronic Payments Initiative with CommerceNet. Beginning with videoconferences in Dec 95 and a kickoff meeting in Jan 96, W3C brought key browser, server, payment, and merchant players together to work on the critical glue technology for integrating electronic payments with the Web.
I worked closely with Donald Eastlake and technologists from each of the participating firms to develop the technical proposal at the heart of JEPI. This interacted strongly with the parallel development of PEP. Development proceeded throughout spring and summer through to August '96 in a series of face-to-face and teleconference sessions. My role in this project has reduced since Daniel Dardailler became project manager and Eui-Suk Chung took over as technical contact.
Our efforts in developing and prosyletizing JEPI have been very successful to gauge by the massive interest in JEPI2.
I also was technical liason to the Financial Services Technology Consortium and participated in the First USENIX Workshop on eCommerce. I am also a founding member of the Digital Commerce Society of Boston.
PEP is the technology underlying several of the initiatives of the Technology & Society Domain. I have worked closely with a long list of HTTP designers to understand this problem area and make cogent proposals. This has been a substantially more difficult assignment than anyone foresaw, especially with the joint proposal of technology for extension and negotiation over extensions to use. I have created several drafts of the technology and trained several dozen people in its use. It's been a major education to work with the IETF and the IETF process.
I have also worked closely with Henrik and Anselm to prepare prototype implementations in our code base. I have supervised undergraduate research students who have worked on separate implementations as well.
Supported Jim, Paul Resnick and others in the technical design, review, and current evolution of PICS. Work on Digital Signature initiative fed into PICS-1.2 revision.
Editor-in-Chief of the World Wide Web Journal (W3J), an official publication of the W3C published by O'Reilly & Associates. I was responsible for setting the theme, selecting articles, editing technical papers, and more. Prepared three issues to date: The Web After Five Years (Demographics), Building an Industrial Strength Web (HTTP and related protocols), Advancing HTML: Style and Substance (User Interface technology), and upcoming issues on scripting languages and Web Security.
There is intense commercial interest in understanding the demographics of Web usage, which must be balanced against users' privacy concerns in Web protocols. I coordinated W3C activity in this area from Fall 1995 to Summer 1996.
One of the highlights was organizing and speaking at the W3C/MIT Workshop on Internet Survey Methodology and Web Demographics. At the same time, I became heavily involved in the HTTP state-management subgroup preparing a specification for user-tracking 'cookies', currently an IETF Proposed Standard.
Whiteboard discussions with the experts about the future of the Web have been the real joy of this job. As W3C's "Technology Expert", I have participated in W3C workshops and specifications about mobile code, scripting languages, distributed objects, fonts, printing, link architecture, and the design of next-generation HTTP. Along the way, I also took on the role of liason to the Object Management Group and MIT researchers working on caching and naming systems.
Web Conference Series
I participated, reviewed papers, and spoke at the Fourth and Fifth International Web Conferences. I am also the official W3C liason to the upcoming Sixth Conference, responsible for the W3C conference track, panels, and developer day programs.
Reviewed WebObjects technology in July 1996 Byte magazine.
Corporate Internet strategy consulting for Roadrunner Technology, Canon, and Bain & Co.
6.852J Distributed Algorithms
Design and analysis of concurrent algorithms, emphasizing those suitable for use in distributed networks. Process synchronization, allocation of computational resources, distributed consensus, dstributed graph algorithms, election of a leader in a network, distributed selection, distributed termination, deadlock detection, concurrency control, communication, clock synchronization. Special consideration given to issues of efficiency and fault tolerance. Formal models for distributed computation.
Nancy A. Lynch
Grade: A. This class included a final project, where we investigated locking and leasing protocols for multiuser Web authoring:
Formal Modeling of a Resource-Leasing Extension to HTTP
By modeling a network of HTTP agents as asynchronous network automata (with access to clocks), we can help articulate the power and limits of Web-based computation. We model relevant aspects of HTTP and use the result to treat the problem of resource check-out/check-in from a single server.
6.826 Principles of Computer Systems
An introduction to the basic principles of computer systems with emphasis on the use of rigorous techniques as an aid to understanding and building modern computing systems. Particular attention paid to concurrent and distributed systems. Topics include specification and verification, concurrent algorithms, synchronization mechanisms, naming, communication protocols, replication techniques (including distributed cache management), and principles and algorithms for achieving reliability.
Nancy A. Lynch and Butler Lampson
Grade: I. Though I did well on the exams, increasing W3C-related travel put me irrecoverably behind on homeworks.