Rundown.WTF

Standards Bodies

Where specs come from — the organizations that define, publish, and maintain the internet and web specifications. The difference between canonical (normative) and convenient reference matters.

Canonical vs Convenient

Canonical (normative)

The actual spec text as published by the standards body. This is what the protocol actually says. Use for precise behavior, edge cases, and security analysis.

RFC Editor · WHATWG · W3C · OpenID · CA/B Forum

Convenient (practical)

Tutorials, MDN docs, vendor guides. Easier to read, great for implementation. Not authoritative — may simplify, lag updates, or contain errors.

MDN · Cloudflare · Auth0 · OWASP · vendor docs

RFC Editor

RFC Editor49 specs indexed · 28 must-know

The canonical publication point for finalized RFCs. If a protocol is standardized as an RFC, the RFC Editor text is the normative final reference. Published by the IETF, IRTF, IAB, and independent stream.

Publishes: Request for Comments (RFCs) — finalized internet standards
Naming & AddressingTransportTransport SecurityHTTPState & SessionsData FormatsAuthentication & AuthorizationEmailReal-timeWebRTCVPN & Tunneling
DNS ConceptsDNS ImplementationURIIPv4IPv6TCPUDPQUICTLS 1.3HSTSHTTP SemanticsHTTP CachingHTTP/1.1HTTP/3Problem DetailsCookiesJSONmultipart/form-dataJSON SchemaOAuth 2.0Bearer TokensPKCEOAuth Security BCPJWTJWKWebSocketICESTUNTURNDTLS-SRTPOpenAPI 3.1SMTPIMFIMAPSPFDKIMDMARCSCIM 2.0iCalendarIPsec ArchitectureESPIKEv2AHGREL2TPv3MOBIKEPPTPIPsec/IKE RoadmapJSON-RPC 2.0
Visit

IETF

Internet Engineering Task Force1 spec indexed · 1 must-know

The primary standards body for internet protocols. Produces RFCs through working groups. Use IETF Datatracker for active drafts, working group status, and revision history.

Publishes: Internet Standards via RFC process; active drafts and working group documents
Naming & AddressingTransportTransport SecurityHTTPState & SessionsData FormatsAuthentication & AuthorizationEmailReal-timeVPN & Tunneling
WireGuard
Visit

IANA

Internet Assigned Numbers Authority1 spec indexed · 1 must-know

Authoritative registry for protocol parameters: ports, HTTP status codes, media types, DNS record types, and many other code points. Not a spec body — a registry body.

Publishes: Protocol parameter registries — ports, media types, status codes, DNS types, etc.
Naming & AddressingHTTPData FormatsEmail
Media Types
Visit

WHATWG

Web Hypertext Application Technology Working Group15 specs indexed · 7 must-know

Maintains the living standards for the web platform: HTML, DOM, Fetch, URL, Streams, and more. These are continuously updated living documents, not versioned snapshots.

Publishes: Living standards: HTML, DOM, Fetch, URL, Encoding, Streams, Console
Browser PlatformHTTPNaming & AddressingInput & InteractionDevice Access & Sensors
URL StandardCORSHTMLDOMFetchWeb ComponentsWeb StorageWeb WorkersStreamsHistory APIEncodingDrag & DropNotificationsFullscreenSSE
Visit

W3C

World Wide Web Consortium44 specs indexed · 7 must-know

Publishes web platform specs including CSS, accessibility, security policies, Service Workers, Web App Manifest, and many browser APIs. Also maintains some versioned HTML/DOM specs.

Publishes: CSS, browser security (CSP, CORS), Service Workers, App Manifest, accessibility, SVG, and more
Browser PlatformTransport SecurityMedia DeliveryInput & InteractionDevice Access & SensorsGraphics & XR
CSPWebAuthnCSSService WorkersApp ManifestWeb AnimationsIndexedDBWeb CryptoIntersection ObserverResize ObserverPerformance APIsPush APIClipboard APIFile APIUI EventsPointer EventsTouch EventsInput EventsGamepadSelection APIPermissionsGeolocationgetUserMediaPage VisibilityScreen OrientationWake LockMediaRecorderScreen CaptureSensorsWeb BluetoothWebUSBWeb SerialWebHIDWeb MIDIVibrationPiPWebGPUWebXRWebTransportWebRTCMSEEMEDID CoreVC Data Model
Visit

OpenID

OpenID Foundation1 spec indexed · 1 must-know

Canonical home for OpenID Connect specifications: OIDC Core, Discovery, Session Management, Dynamic Registration, and related profiles. Separate from the OAuth IETF work.

Publishes: OpenID Connect Core and related profiles; identity federation specs
Authentication & AuthorizationIdentity & Provisioning
OIDC
Visit

CA/B Forum

CA/Browser Forum1 spec indexed · 1 must-know

Sets operational policy for publicly trusted TLS and S/MIME certificates. The Baseline Requirements are normative for all publicly trusted CAs and major browsers.

Publishes: Baseline Requirements for public TLS certificates and S/MIME certificates
Certificate TrustTransport Security
CA/B BR
Visit

ICANN

Internet Corporation for Assigned Names and Numbers

Governs the DNS root zone, domain name policy, registry/registrar accreditation, and RDAP deployment context. Operational policy, not protocol design.

Publishes: Domain name operational policy, RDAP deployment context, registry agreements
Naming & Addressing
Visit

Unicode

Unicode Consortium

Canonical source for Unicode character semantics, IDNA compatibility processing (UTS #46), and internationalized identifier behavior. Essential when handling non-ASCII domains or user data.

Publishes: Unicode Standard, Unicode Technical Standards (UTS), CLDR
Naming & AddressingData Formats
Visit

Ecma

Ecma International1 spec indexed · 1 must-know

Publishes the ECMAScript (JavaScript) language specification and related standards. TC39 is the committee responsible for ECMAScript evolution.

Publishes: ECMAScript (JavaScript), JSON (ECMA-404), and related standards
Browser PlatformData Formats
ECMAScript
Visit

FIDO

FIDO Alliance

Develops authentication standards for strong, phishing-resistant authentication: FIDO2, WebAuthn (co-published with W3C), and CTAP. Key for passkeys and modern MFA.

Publishes: FIDO2, CTAP, passkey specifications; co-authors WebAuthn with W3C
Authentication & AuthorizationIdentity & Provisioning
Visit

EIP / ERC

Ethereum Improvement Proposals8 specs indexed · 6 must-know

The Ethereum community's open process for proposing changes to the protocol. EIPs cover core protocol changes; ERCs (Ethereum Request for Comments) cover application-layer standards like token interfaces.

Publishes: EIPs (protocol) and ERCs (application standards) for the Ethereum ecosystem
Blockchain & Web3
EIP-1ERC-20ERC-721ERC-1155EIP-712EIP-1559SIWEERC-721 Metadata
Visit

BIP

Bitcoin Improvement Proposals3 specs indexed · 3 must-know

The Bitcoin community's open process for proposing protocol changes, standards, and informational documents. BIPs cover everything from consensus rules to wallet derivation paths and payment URIs.

Publishes: Bitcoin Improvement Proposals — protocol, standards, and informational
Blockchain & Web3
BIP-32BIP-39BIP-44
Visit

GraphQL

GraphQL Foundation1 spec indexed

Stewards the GraphQL specification, originally developed at Facebook/Meta. The GraphQL Foundation is a Linux Foundation project. The spec defines the query language, type system, and execution model.

Publishes: GraphQL Language Specification
API Design
GraphQL
Visit

gRPC

Google / gRPC2 specs indexed

gRPC is an open-source RPC framework originally developed at Google. It uses Protocol Buffers (protobuf) as its IDL and wire format, and HTTP/2 as the transport. Now a CNCF graduated project.

Publishes: gRPC framework spec, HTTP/2 bindings, and Protocol Buffer usage
API Design
gRPCProtobuf
Visit

AsyncAPI

AsyncAPI Initiative1 spec indexed

Maintains the AsyncAPI specification — an OpenAPI-like description language for event-driven and message-based APIs. Covers WebSocket, MQTT, AMQP, Kafka, and more.

Publishes: AsyncAPI Specification for event-driven and async API description
API DesignReal-time
AsyncAPI
Visit

Khronos

Khronos Group1 spec indexed · 1 must-know

Industry consortium that publishes open graphics, compute, and media standards. Maintains WebGL, OpenGL ES, Vulkan, and related GPU interface specifications used across browsers and native platforms.

Publishes: WebGL, OpenGL, Vulkan, SPIR-V, and GPU interface standards
Graphics & XR
WebGL
Visit