-
Notifications
You must be signed in to change notification settings - Fork 1
Use of Standards
Social Event Mapper is a platform for discovering, creating, and participating in social events on a map. This page
documents the standards we have identified as relevant to our project and describes how we plan to integrate them.
Standard: W3C Activity Streams 2.0 — W3C Recommendation, 23 May
2017
Namespace: https://www.w3.org/ns/activitystreams
W3C Activity Streams 2.0 — a JSON-LD based vocabulary for describing social activities as actor → activity → object
triples.
Our project is a social event platform. Every core user interaction maps directly to an AS2 activity type:
| Our Action | AS2 Activity Type |
|---|---|
| User creates an event | Create + Event object |
| User joins an event | Join + Event object |
| User leaves an event | Leave + Event object |
| Host invites a user | Invite + Person + Event |
| Host approves a join request | Accept + Invite object |
| Host rejects a join request | Reject + Invite object |
| User favorites an event | Like + Event object |
| Host cancels an event | Delete + Event object |
We will use AS2 to structure notification payloads. The backend already has a notifications table. All notification
messages will follow AS2 JSON-LD format.
Standard: Schema.org + W3C JSON-LD 1.1 — W3C
Recommendation, 16 July 2020
Schema.org structured data vocabulary embedded as JSON-LD on event pages.
Our event data model maps directly to Schema.org types:
| Our field | Schema.org term |
|---|---|
| title | schema:name |
| description | schema:description |
| start_time | schema:startDate |
| end_time | schema:endDate |
| location (lat/lon) | schema:Place + schema:GeoCoordinates |
| status | schema:eventStatus |
| capacity | schema:maximumAttendeeCapacity |
| host | schema:organizer |
| average rating | schema:AggregateRating |
We will embed a <script type="application/ld+json"> block in the event detail page on the frontend. This makes our
events machine-readable and enables Google rich search results for public events.
Standard: W3C WCAG 2.1 — W3C Recommendation, 05 June 2018
Target conformance level: AA
WCAG 2.1 at Level AA — the internationally recognized standard for web and mobile accessibility.
Our project has a React web frontend and a React Native mobile app. Accessibility ensures all users including those
with visual, motor, or cognitive impairments can discover and attend events.
We will apply WCAG 2.1 AA guidelines across the four principle areas:
Perceivable
- Add alt text to all event images and map markers (SC 1.1.1)
- Ensure all text meets 4.5:1 color contrast ratio (SC 1.4.3)
- Provide a non-map fallback list view for event discovery (SC 1.3.1)
Operable
- Make all interactive components keyboard accessible (SC 2.1.1)
- Add visible focus indicators to all focusable elements (SC 2.4.7)
Understandable
- Set lang="en" on the HTML document (SC 3.1.1)
- Add descriptive aria-label attributes to icon-only buttons (SC 3.3.2)
Robust
- Use semantic HTML elements instead of generic div click handlers (SC 4.1.2)
- Ensure all form inputs have associated label elements
Standard: OWASP Top 10 — 2021 Edition
OWASP Top 10 2021 — the industry-standard reference for web application security risks.
Our Section 13 (Security) requirements directly describe OWASP concepts:
| OWASP Risk | Our Requirement |
|---|---|
| A01 Broken Access Control | §13.2.1 — private event data restricted from unauthorized users |
| A02 Cryptographic Failures | §13.1.1 — passwords hashed with Argon2 |
| A04 Insecure Design | §13.2.2 — invitation lists securely stored |
| A07 Auth Failures | §13.1.2 — OTP and login attempts rate-limited |
| A09 Security Logging | §13.4.1 — security-relevant events logged for monitoring |
-
A01 Broken Access Control — verify private event endpoints reject unauthorized requests; add integration tests
for all three privacy levels - A02 Cryptographic Failures — confirm Argon2 password hashing, JWT secret rotation, HTTPS only
- A03 Injection — verify all database queries use parameterized statements via pgx
- A07 Auth Failures — audit JWT rotation logic, OTP expiry, and token revocation on logout
- A09 Security Logging — implement structured security event logging for login attempts and access violations
| Standard | Version | Use in Social Event Mapper |
|---|---|---|
| W3C Activity Streams 2.0 | Rec. May 2017 | Notification payload format; activity vocabulary for join/leave/invite/accept/reject |
| Schema.org + JSON-LD 1.1 | Rec. July 2020 | Structured data on event pages for SEO and machine readability |
| WCAG 2.1 AA | Rec. June 2018 | Accessibility compliance across web frontend and mobile app |
| OWASP Top 10 | 2021 Edition | Security audit framework aligned with Section 13 requirements |
👥 Team Members
- Lab 1 Report (12.02.2026)
- Lab 2 Report (19.02.2026)
- Lab 3 Report (26.02.2026)
- Lab 4 Report (05.03.2026)
- Lab 5 Report (12.03.2026)
- Lab 6 Report (26.03.2026)
- Lab 7 Report (02.04.2026)
- Lab 8 Report (16.04.2026)
- Lab 9 Report (30.04.2026)
- Lab 10 Report (07.05.2026)
- Customer Meeting (17.02.2026)
- Weekly Meeting 1 (17.02.2026)
- Weekly Meeting 2 (25.02.2026)
- Weekly Meeting 3 (04.03.2026)
- Stakeholder Meeting (10.03.2026)
- Weekly Meeting 4 (11.03.2026)
- Database Design Meeting (18.03.2026)
- Weekly Meeting 6 (25.03.2026)
- Weekly Meeting 7 (01.04.2026)
- Weekly Meeting 8 (15.04.2026)
- Weekly Meeting 9 (06.05.2026)
- Scenario 1 - Discovering and Joining an Event
- Scenario 2 - Private Event Organization
- Scenario 3 - Public Event Organization
- Use Case Diagram (Final)
- Scenario 1 Use Case Diagram
- Scenario 2 Use Case Diagram
- Scenario 3 Use Case Diagram
- All Sequence Diagrams
- Sequence Diagram - Oğuz Özer
- Sequence Diagram - Emine Türk
- Sequence Diagram - Cansu Er
- Sequence Diagram - Sevde Pekköse
- Sequence Diagram - Buğra Keser
- Sequence Diagram - Mehmet Kaan Ünsel
- Sequence Diagram - Utku Yiğit Demir
- Sequence Diagram - Mehmet Akif Yıldırım