The W3C Security Activity focuses on two distinct areas of work: On the one hand, the XML Security Working Group is maintaining and further evolving the XML security specifications (XML Signature, XML Encryption, and companion specifications). On the other hand, the security needs of modern Web applications are a major focus of work in the Security Activity.
The Web Application Security Working Group has taken up work on the Content Security Policy specification, and is progressing the Cross-Origin Resource Sharing specification toward Recommendation. The goal of this work is to enable secure mash-ups, and to create a more robust Web security environment through light-weight policy expression that meshes with HTML5's built-in security policies. The group additionally aims to address clickjacking issues.
The Web Cryptography Working Group is motivated by the emergence of more complex protocols executed between Web applications. The group is chartered to develop a Recommendation-track document defining an API that enables the development of such protocols. API features will include message confidentiality and authentication services, and exposing trusted cryptographic primitives from the browser. This will promote higher security on the Web as developers will no longer have to create their own or use untrusted third-party libraries for cryptographic primitives.
The Web Security Interest Group serves as a forum for discussion about improving standards and implementations to advance the security of the Web.
The XML Security Working Group is working on a stable interim set of 1.1 specifications, in parallel with producing a more radically changed version 2.0 of XML Signature. The XML Signature 1.1 and XML Encryption 1.1 specifications clarify and enhance the previous specifications without introducing breaking changes, although they do introduce new algorithms. These specifications are at Candidate Recommendation stage, and are currently the subject of discussion in a Patent Advisory Group.
The Web Application Security Working Group published a First Public Working Draft of its Content Security Policy specification. CORS was published as a Last Call draft. The Last Call period for this specification ends on 1 May 2012.
The following deliverables of the XML Security Working Group are in Candidate Recommendation:
The XML Security PAG is chartered to study issues and propose solutions related to XML Encryption 1.1 and XML Signature 1.1, and their use of elliptic curve cryptography.
We are looking forward to initial publications from the Web Crypto Working Group, and to the Web Application Security Working Group further progressing its deliverables, and publishing a first draft to address clickjacking attacks. On the XML Security side, we look forward to the conclusion of the XML Security PAG.
Group | Chair | Team Contact | Charter
---|---|---|---
XML Security Working Group (participants) | Frederick Hirsch | Thomas Roessler | Chartered until 30 April 2013 |
Web Application Security Working Group (participants) | Brad Hill, Eric K. Rescorla | Wendy Seltzer | Chartered until 31 March 2013 |
Web Cryptography Working Group (participants) | Virginie Galindo | Wendy Seltzer, Harry Halpin | Chartered until 31 March 2014 |
Web Security Interest Group | Adam Barth | Thomas Roessler | Chartered until 31 March 2013 |
This Activity Statement was prepared for AC 2013 per section 5 of the W3C Process Document. Generated from group data.
Thomas Roessler, Security Activity Lead