Re: Grad School Roller Coaster

Rohit Khare (
Fri, 17 Jan 1997 10:16:18 -0500

[And I'll continue on my self-indulgent kick by cc:ing FoRK my

Rohit Khare --
Accomplishments 1995-7

This is a summary of some of my accomplishments at the W3C over
the past two years

World Wide Web Consortium
Major Projects
Other Activity Areas
Additional Outside Activity
Classes taken at MIT


When I graduated from Caltech in the spring of 1995, I had very tough
time choosing among several diverse career options. With my dual
background in computer science and economics, I was torn between
graduate school, software development, Wall Street, management
consulting, technology marketing, etc... Luckily, I struck an ideal
opportunity to help launch the World Wide Web Consortium at MIT
which blended aspects of each of these careers. Even before graduating
from Caltech, I joined on at MIT to work on Web Security standards
and I branched out from there. I have seen the Consortium grow from
three people to over thirty at MIT, INRIA in France, and Keio
University in Japan. My formal role at the consortium has made a part of
many W3C projects, and my informal role has kept me in touch with the
rest, a unique position reflected in my editorship of the Web Journal.

Given my mix of talents and interests, it's less surprising in retrospect
in business, I'm positioned as a technical resource (such as my software
development ventures and newswriting), while in this technical
organization my business skills have been more leveraged: public
speaking, meeting management, coordination with member companies'
technical management, working closely with our project managers,
helping set the direction of our internal management, press relations, and
more. I want to become a graduate student to focus exclusively on
technical and scientific side, since I have the rest of my professional
to develop my business skills.

At W3C, I have worked closely with almost every staff member, so it's
hard to pick out just one or two people to prepare a recommendation.
Even my direct supervisor, Jim Miller, has only overseen a portion of my
activities here. I've decided, then, to ask Director Tim Berners-Lee alone
to speak about my record here.

Major Projects


Web security has been my abiding interest at the W3C. Web security
battles in the market were at their peak in spring 1995; I left school
immediately to rush out to W3C to get started. Within three weeks, I
formulated and presented our strategy to the Advisory Committee, and
we've followed through with it by and large for the last two years. Over
1995, I drafted several technical proposals for adding security to HTTP,
including the Security Extension Architecture (SEA) for our expert
Security Editorial Review Board (Ron Rivest, Butler Lampson, Jeff
Schiller and others). These results were presented to our member
organizations' security experts at quarterly working group meetings
around the world (seven at last count). I have also been tracking related
developments in this area intensively. I've attended and spoken at several
related professional conferences (RSA Data Security series, USENIX
security workshop, DIMACS Workshop on Trust Management,
National Research Council Information Systems Trustworthiness Project
/ Workshop on Rights Management).

In 1996, we focused on deploying the first part of the security plan,
digital signatures. I outlined a novel approach to security based on signed
assertions rather than digital signatures alone. I worked closely with Jim
Miller to line up academic, commercial, and government support from a
wide range of organizations. The DSIG meeting series dates back to
April 1996 and represents our major success in the security arena.
Recently, I have been working with project manager Philip DesAutels to
write several key documents: the overall architecture, signature label
design, and key technical specifications for the cryptography and label
embedding. I have helped supervise a Master's student who has been
implementing a trust engine which implements user policies based on
signed assertions.

I have represented the W3C in other security-related projects at the
IETF: DNS security, email security as it impacts HTTP/MIME, and
Transport Layer Security, where I have been running the mailing list.

Proposed Digital Signature Architecture
Digital Signature Label Architecture
Presentation on the history of W3C's involvement in security and
electronic commerce (4th International Web Conference)
Presentation on W3C's approach to layered web security (1996
RSA Data Security Conference)
Working Draft on the Security Extension Architecture (SEA)


Electronic Payment was 'separated at birth' from Web Security. From
the beginning, W3C has maintained parallel tracks of interested members
on these two topics. During 1995, I worked with Philip and Jim to host
several Payments WG meetings and edited overview papers and web
pages. The first set of undergraduate researchers I supervised began
working in this area, by simulating electronic shopping malls. Near the
end of that year, Jim helped seed the idea of JEPI, the Joint Electronic
Payments Initiative with CommerceNet. Beginning with
videoconferences in Dec 95 and a kickoff meeting in Jan 96, W3C
brought key browser, server, payment, and merchant players together to
work on the critical glue technology for integrating electronic payments
with the Web.

I worked closely with Donald Eastlake and technologists from each of
the participating firms to develop the technical proposal at the heart of
JEPI. This interacted strongly with the parallel development of PEP.
Development proceeded throughout spring and summer through to
August '96 in a series of face-to-face and teleconference sessions. My
role in this project has reduced since Daniel Dardailler became project
manager and Eui-Suk Chung took over as technical contact.

Our efforts in developing and prosyletizing JEPI have been very
successful to gauge by the massive interest in JEPI2.

I also was technical liason to the Financial Services Technology
Consortium and participated in the First USENIX Workshop on
eCommerce. I am also a founding member of the Digital Commerce
Society of Boston.

Selecting Payment Mechanisms Over HTTP


PEP is the technology underlying several of the initiatives of the
Technology & Society Domain. I have worked closely with a long list of
HTTP designers to understand this problem area and make cogent
proposals. This has been a substantially more difficult assignment than
anyone foresaw, especially with the joint proposal of technology for
extension and negotiation over extensions to use. I have created several
drafts of the technology and trained several dozen people in its use. It's
been a major education to work with the IETF and the IETF process.

I have also worked closely with Henrik and Anselm to prepare
prototype implementations in our code base. I have supervised
undergraduate research students who have worked on separate
implementations as well.

HTTP/1.1 Extension Protocol (PEP)


Supported Jim, Paul Resnick and others in the technical design, review,
and current evolution of PICS. Work on Digital Signature initiative fed
into PICS-1.2 revision.

Web Journal

Editor-in-Chief of the World Wide Web Journal (W3J), an official
publication of the W3C published by O'Reilly & Associates. I was
responsible for setting the theme, selecting articles, editing technical
papers, and more. Prepared three issues to date: The Web After Five
Years (Demographics), Building an Industrial Strength Web (HTTP
and related protocols), Advancing HTML: Style and Substance (User
Interface technology), and upcoming issues on scripting languages and
Web Security.

Other Activity Areas


There is intense commercial interest in understanding the demographics
of Web usage, which must be balanced against users' privacy concerns
in Web protocols. I coordinated W3C activity in this area from Fall
1995 to Summer 1996.

One of the highlights was organizing and speaking at the W3C/MIT
Workshop on Internet Survey Methodology and Web Demographics.
At the same time, I became heavily involved in the HTTP
state-management subgroup preparing a specification for user-tracking
'cookies', currently an IETF Proposed Standard.

Architecture Domain

Whiteboard discussions with the experts about the future of the Web
have been the real joy of this job. As W3C's "Technology Expert", I
have participated in W3C workshops and specifications about mobile
code, scripting languages, distributed objects, fonts, printing, link
architecture, and the design of next-generation HTTP. Along the way, I
also took on the role of liason to the Object Management Group and
MIT researchers working on caching and naming systems.

Web Conference Series

I participated, reviewed papers, and spoke at the Fourth and Fifth
International Web Conferences. I am also the official W3C liason to the
upcoming Sixth Conference, responsible for the W3C conference track,
panels, and developer day programs.

Additional Outside Activities

Reviewed WebObjects technology in July 1996 Byte magazine.

Corporate Internet strategy consulting for Roadrunner Technology,
Canon, and Bain & Co.

Classes taken at MIT

6.852J Distributed Algorithms

Design and analysis of concurrent algorithms, emphasizing those suitable
for use in distributed networks. Process synchronization, allocation of
computational resources, distributed consensus, dstributed graph
algorithms, election of a leader in a network, distributed selection,
distributed termination, deadlock detection, concurrency control,
communication, clock synchronization. Special consideration given to
issues of efficiency and fault tolerance. Formal models for distributed

Nancy A. Lynch

Grade: A. This class included a final project, where we investigated
locking and leasing protocols for multiuser Web authoring:

Formal Modeling of a Resource-Leasing Extension to
By modeling a network of HTTP agents as asynchronous
network automata (with access to clocks), we can help
articulate the power and limits of Web-based computation.
We model relevant aspects of HTTP and use the result to
treat the problem of resource check-out/check-in from a
single server.

6.826 Principles of Computer Systems

An introduction to the basic principles of computer systems with
emphasis on the use of rigorous techniques as an aid to understanding
and building modern computing systems. Particular attention paid to
concurrent and distributed systems. Topics include specification and
verification, concurrent algorithms, synchronization mechanisms, naming,
communication protocols, replication techniques (including distributed
cache management), and principles and algorithms for achieving

Nancy A. Lynch and Butler Lampson

Grade: I. Though I did well on the exams, increasing W3C-related
travel put me irrecoverably behind on homeworks.