Use of Standards - bounswe/bounswe2026group11 GitHub Wiki
Overview
Social Event Mapper is a platform for discovering, creating, and participating in social events on a map. This page
documents the standards we have identified as relevant to our project and describes how we plan to integrate them.
1. W3C Activity Streams 2.0
Standard: W3C Activity Streams 2.0 - W3C Recommendation, 23 May 2017
Namespace: https://www.w3.org/ns/activitystreams
Which standard we selected
W3C Activity Streams 2.0 - a JSON-LD based vocabulary for describing social activities as actor → activity → object triples.
Why we chose it
Our project is a social event platform. Every core user interaction maps directly to an AS2 activity type:
| Our Action | AS2 Activity Type |
|---|---|
| User creates an event | Create + Event object |
| User joins an event | Join + Event object |
| User leaves an event | Leave + Event object |
| Host invites a user | Invite + Person + Event |
| Host approves a join request | Accept + Invite object |
| Host rejects a join request | Reject + Invite object |
| User favorites an event | Like + Event object |
| Host cancels an event | Delete + Event object |
How we plan to integrate it
We will use AS2 to structure notification payloads. The backend already has a notifications table. All notification
messages will follow AS2 JSON-LD format.
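The payload shape this implies, as an added Go example (Go being the language of the pgx driver this page names for the backend); it is not the project's code. The action keys, the `Node` type and the example.org IDs are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// as2Types maps platform actions (key names assumed) to the AS2 types in the table.
var as2Types = map[string]string{
	"event.create": "Create", "event.join": "Join", "event.leave": "Leave",
	"event.invite": "Invite", "join.approve": "Accept", "join.reject": "Reject",
	"event.favorite": "Like", "event.cancel": "Delete",
}

// Node is an AS2 object or activity; Actor, Object and Target nest further nodes.
type Node struct {
	Context string `json:"@context,omitempty"`
	Type    string `json:"type"`
	ID      string `json:"id,omitempty"`
	Actor   *Node  `json:"actor,omitempty"`
	Object  *Node  `json:"object,omitempty"`
	Target  *Node  `json:"target,omitempty"`
}

// NewActivity rejects unmapped actions so no free-form type reaches a payload.
func NewActivity(action string, actor, object, target *Node) (*Node, error) {
	t, ok := as2Types[action]
	if !ok {
		return nil, fmt.Errorf("unmapped action %q", action)
	}
	return &Node{Type: t, Actor: actor, Object: object, Target: target}, nil
}

// Payload serializes a copy of the activity with the AS2 @context at top level only.
func Payload(a *Node) ([]byte, error) {
	top := *a
	top.Context = "https://www.w3.org/ns/activitystreams"
	return json.Marshal(top)
}

func main() {
	host := &Node{Type: "Person", ID: "https://example.org/users/1"} // constructed IDs
	guest := &Node{Type: "Person", ID: "https://example.org/users/2"}
	party := &Node{Type: "Event", ID: "https://example.org/events/9"}
	invite, _ := NewActivity("event.invite", host, party, guest)
	accept, _ := NewActivity("join.approve", host, invite, nil)
	out, _ := Payload(accept)
	fmt.Println(string(out))
}
```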
2. Schema.org + JSON-LD
Standard: Schema.org + W3C JSON-LD 1.1 - W3C Recommendation, 16 July 2020
Which standard we selected
Schema.org structured data vocabulary embedded as JSON-LD on event pages.
Why we chose it
Our event data model maps directly to Schema.org types:
| Our field | Schema.org term |
|---|---|
| title | schema:name |
| description | schema:description |
| start_time | schema:startDate |
| end_time | schema:endDate |
| location (lat/lon) | schema:Place + schema:GeoCoordinates |
| status | schema:eventStatus |
| capacity | schema:maximumAttendeeCapacity |
| host | schema:organizer |
| average rating | schema:AggregateRating |
How we plan to integrate it
We will embed a <script type="application/ld+json"> block in the event detail page on the frontend. This makes our
events machine-readable and enables Google rich search results for public events.
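Event titles and descriptions are user input, so the JSON-LD text has to stay inert inside the script element. The added Go example below is not the project's code: it assumes the backend renders the JSON-LD string for the frontend to embed, and the function name, parameters and sample event are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

type Geo struct {
	Type      string  `json:"@type"`
	Latitude  float64 `json:"latitude"`
	Longitude float64 `json:"longitude"`
}

type Place struct {
	Type string `json:"@type"`
	Geo  Geo    `json:"geo"`
}

// EventLD carries Schema.org terms from the mapping table above.
type EventLD struct {
	Context     string `json:"@context"`
	Type        string `json:"@type"`
	Name        string `json:"name"`
	Description string `json:"description"`
	StartDate   string `json:"startDate"`
	EndDate     string `json:"endDate"`
	Location    Place  `json:"location"`
	Capacity    int    `json:"maximumAttendeeCapacity,omitempty"`
}

// EventJSONLD returns the text for <script type="application/ld+json">. title and
// desc are user input; json.Marshal writes <, > and & as \u003c, \u003e and
// \u0026 by default, so a title cannot terminate the script element.
func EventJSONLD(title, desc string, start, end time.Time, lat, lon float64, capacity int) (string, error) {
	b, err := json.Marshal(EventLD{
		Context: "https://schema.org", Type: "Event", Name: title, Description: desc,
		StartDate: start.UTC().Format(time.RFC3339), EndDate: end.UTC().Format(time.RFC3339),
		Location: Place{Type: "Place", Geo: Geo{Type: "GeoCoordinates", Latitude: lat, Longitude: lon}},
		Capacity: capacity,
	})
	return string(b), err
}

func main() {
	start := time.Date(2026, 5, 1, 15, 0, 0, 0, time.UTC) // constructed sample event
	out, _ := EventJSONLD("Picnic </script> & games", "Bring snacks", start, start.Add(2*time.Hour), 41.0855, 29.0444, 20)
	fmt.Println(out)
}
```

If the React frontend serializes the object itself, note that `JSON.stringify` leaves `<` unescaped, so replace it with `\u003c` before the string goes into the script element.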
3. WCAG 2.1 AA
Standard: W3C WCAG 2.1 - W3C Recommendation, 05 June 2018
Target conformance level: AA
Which standard we selected
WCAG 2.1 at Level AA - the internationally recognized standard for web and mobile accessibility.
Why we chose it
Our project has a React web frontend and a React Native mobile app. Accessibility ensures that all users, including those
with visual, motor, or cognitive impairments, can discover and attend events.
How we plan to integrate it
We will apply WCAG 2.1 AA guidelines across the four principle areas:
Perceivable
- Add alt text to all event images and map markers (SC 1.1.1)
- Ensure all text meets 4.5:1 color contrast ratio (SC 1.4.3)
- Provide a non-map fallback list view for event discovery (SC 1.3.1)
Operable
- Make all interactive components keyboard accessible (SC 2.1.1)
- Add visible focus indicators to all focusable elements (SC 2.4.7)
Understandable
- Set lang="en" on the HTML document (SC 3.1.1)
- Add descriptive aria-label attributes to icon-only buttons (SC 3.3.2)
Robust
- Use semantic HTML elements instead of generic div click handlers (SC 4.1.2)
- Ensure all form inputs have associated label elements
4. OWASP Top 10
Standard: OWASP Top 10 - 2021 Edition
Which standard we selected
OWASP Top 10 2021 - the industry-standard reference for web application security risks.
Why we chose it
Our Section 13 (Security) requirements directly describe OWASP concepts:
| OWASP Risk | Our Requirement |
|---|---|
| A01 Broken Access Control | §13.2.1 - private event data restricted from unauthorized users |
| A02 Cryptographic Failures | §13.1.1 - passwords hashed with Argon2 |
| A04 Insecure Design | §13.2.2 - invitation lists securely stored |
| A07 Auth Failures | §13.1.2 - OTP and login attempts rate-limited |
| A09 Security Logging | §13.4.1 - security-relevant events logged for monitoring |
How we plan to integrate it
- A01 Broken Access Control: verify private event endpoints reject unauthorized requests; add integration tests for all three privacy levels
- A02 Cryptographic Failures: confirm Argon2 password hashing, JWT secret rotation, HTTPS only
- A03 Injection: verify all database queries use parameterized statements via pgx
- A07 Auth Failures: audit JWT rotation logic, OTP expiry, and token revocation on logout
- A09 Security Logging: implement structured security event logging for login attempts and access violations
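A deny-by-default visibility check for the A01 item, together with the structured denial record the A09 item asks for, as an added Go example; it is not the project's code. The level names PUBLIC, PROTECTED and PRIVATE, their semantics, the `Event` fields and the log keys are assumptions, since the page only says there are three privacy levels.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Event holds what the check needs; the level names are assumed (see lead-in).
type Event struct {
	ID, HostID, Privacy string
	Invited             map[string]bool // invitation list of a PRIVATE event
}

// CanView reports whether viewerID ("" = unauthenticated) may read the event,
// with a reason. Anything not explicitly allowed is denied.
func CanView(viewerID string, e Event) (bool, string) {
	known := e.Privacy == "PUBLIC" || e.Privacy == "PROTECTED" || e.Privacy == "PRIVATE"
	switch {
	case !known:
		return false, "unknown_privacy_level"
	case e.Privacy == "PUBLIC":
		return true, "public"
	case viewerID == "":
		return false, "unauthenticated"
	case viewerID == e.HostID:
		return true, "host"
	case e.Privacy == "PROTECTED":
		return true, "authenticated"
	case e.Invited[viewerID]:
		return true, "invited"
	}
	return false, "not_invited"
}

// DenialLog renders one structured log line for an access violation.
func DenialLog(now time.Time, viewerID string, e Event, reason string) string {
	b, _ := json.Marshal(map[string]string{
		"ts": now.UTC().Format(time.RFC3339), "type": "access_denied",
		"viewer_id": viewerID, "event_id": e.ID, "reason": reason,
	})
	return string(b)
}

func main() {
	e := Event{ID: "ev-1", HostID: "u-1", Privacy: "PRIVATE", Invited: map[string]bool{"u-2": true}}
	_, why := CanView("u-3", e) // constructed IDs; u-3 is not on the invitation list
	fmt.Println(DenialLog(time.Now(), "u-3", e, why))
}
```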
Summary
| Standard | Version | Use in Social Event Mapper |
|---|---|---|
| W3C Activity Streams 2.0 | Rec. May 2017 | Notification payload format; activity vocabulary for join/leave/invite/accept/reject |
| Schema.org + JSON-LD 1.1 | Rec. July 2020 | Structured data on event pages for SEO and machine readability |
| WCAG 2.1 AA | Rec. June 2018 | Accessibility compliance across web frontend and mobile app |
| OWASP Top 10 | 2021 Edition | Security audit framework aligned with Section 13 requirements |