The world may be on the cusp of Web 3.0. Some of us digital immigrants still are trying to get our arms around Web 2.0. We have been told that Web 2.0 is all about information sharing. Applications, storage and data are Web-enabled. Virtualization has made information easier to use and share. Social networking has created whole new environments for information sharing.
The global security community has embraced Web 2.0—and its supporting technologies and services—with caution. While everyone appreciates the value of increased information sharing, there is serious concern about providing greater data access and exchange securely. There has been some success in securing information sharing within enterprises, whether those are government, industry, academia or private sector. Security is trickier across and among enterprises because some solutions do not scale well, and it is difficult to gain agreement across enterprises on trust mechanisms and business rules for logical and physical access.
Much Internet use is anonymous, and that makes trust challenging. Some technologies allow identity verification and management of attributes, but there is no agreement on how to federate these services on a regional, community, national or international basis. Progress is being made, but slowly. Until security and trust services across enterprises become accepted as reliable, Web 2.0 use will remain primarily within enterprises in the global security community and most of government and industry.
Web 2.0 primarily is used to empower people. Individuals use Web 2.0 technologies and services to discover and access information. They use these services to share information with other people, either individually or in groups. There is little machine-to-machine, computer-to-computer use of these services because the protocols and language used in Web 2.0 were designed for people. This is the primary difference in Web 3.0 as it is envisioned.
Web 3.0, sometimes called the semantic Web, was described initially by Tim Berners-Lee, the inventor of the first World Wide Web and the director of the World Wide Web Consortium (WWWC). It is the WWWC that proposes to develop standards for the semantic Web. In 2006, Berners-Lee described the semantic Web as “a web of data that can be processed directly and indirectly by machines.” The idea is that computers would be given the framework and tools to apply logic in searching and applying data in much the same way that humans do. For years the concept of software agents searching the Web to discover and apply data has been pursued. The semantic Web would enable that concept. Many of the tools necessary to Web 3.0 have been developed and are in some use. But it is a long path to the envisioned semantic Web. Some critics say it cannot be done, at least not on a global basis.
Let us assume that the technical obstacles of the semantic Web can be overcome. The transition from Web 1.0 to Web 2.0 took 10 years. Because the transition to Web 3.0 is even more challenging, we can reasonably assume it will take some time to achieve Web 3.0. For the global security community, it may be more difficult to embrace than Web 2.0. Most of the resistance to Web 2.0 in the global security community has been around security and trust. If sharing information among people has been that difficult, imagine the angst in giving access to machines and software agents.
The common business rules that have been elusive in cross-enterprise implementation of Web 2.0 will pale in comparison to the governance required in the semantic Web. Speed and volume would grow dramatically without humans in the loop to slow the process. It is envisioned that the machines themselves would begin to generate new information on the semantic Web.
I am not passing judgment on this new concept. I can see applications where it would be very useful. I simply am pointing out the great difficulty experienced to date with Web 2.0 and how it is governed, particularly in the global security community. Much work remains to gain the full potential of Web 2.0. I am concerned that any extensive use of Web 3.0 in the global security community will be difficult. As with Web 2.0, I believe Web 3.0 services primarily will be intra-enterprise initially until consensus can be reached on security and governance in a multi-enterprise environment. Given the track record with Web 2.0, I believe such consensus will be a long time coming. Just a thought.