From Web Security

Contents 1 Web Security Wiki 1.1 Specs to review, groups to watch 1.1.1 Specs 1.1.2 Groups 1.1.3 Related Groups to Liaise With 1.2 Ongoing issues 1.3 Meetings

Web Security Wiki

Improving standards and implementations to advance the security of the Web.

This wiki is open for contributions by all with a W3C account. For discussions, please refer to the public-web-security mailing list.

• request a Member account (use if you work for a W3C member company)
• request a Public account (use otherwise)
• password mailback

Specs to review, groups to watch

Specs

Wiki pages containing information about these specifications:

• Content Security Policy (webappsec); use the public-webappsec@w3.org mailing list for discussion.
• XMLHttpRequest (webapps)
• CORS and Uniform Messaging Policy (webappsec); use the public-webappsec@w3.org mail list for related discussions
• HTML5 (html)
• Websockets (webapps)
• Anti-Clickjacking Requirements (webappsec); use the public-webappsec@w3.org mailing list for discussion.

Groups

• WebAppSec WG
• Webapps
• HTML WG
• Device APIs
• XML Security WG

Related Groups to Liaise With

• IETF WebSec Working Group

Ongoing issues

• Trusted User Interface
• Same Origin Policy and Same Origin Policy by Adam Barth
• Cross Site Attacks
• Comparison of CORS and UMP (Work in progress)

Perhaps this wiki would be handy for thinking thru some security patterns the TAG is discussing under ISSUE-31 (metadatainURI-31)...

• Ungessable URI, Web Key, Email Confirmation
• Passwords In The Clear (maybe not worth bothering; the finding is done, I think)

Meetings

• TPAC 2009 security BOF