Web Security is a collaborative effort; W3C coordinates some of that work in its Security Activity, within the Technology & Society Domain. Among the work we are doing to help secure Web applications and Web usage:
The Web Application Security Working Group is developing the Content Security Policy and CSP 1.1; Cross-Origin Resource Sharing; UI Security; Secure Mixed Content; and Lightweight Isolated / Safe Content Recommendations. The goal of this work is to enable secure mash-ups, and to create a more robust Web security environment through light-weight policy expression that meshes with HTML5's built-in security policies. The group additionally aims to address clickjacking issues.
The Web Cryptography Working Group is motivated by the emergence of more complex protocols executed between Web applications. The group is chartered to develop a Recommendation-track document defining an API that enables the development of such protocols. API features will include message confidentiality and authentication services, and exposing trusted cryptographic primitives from the browser. This will promote higher security on the Web as developers will no longer have to create their own or use untrusted third-party libraries for cryptographic primitives.
The Web Security Interest Group serves as a forum for discussion about improving standards and implementations to advance the security of the Web.
The XML Security Working Group produced three W3C Recommendations: a stable interim set of 1.1 specifications. The XML Signature 1.1 and XML Encryption 1.1 specifications clarify and enhance the previous specifications without introducing breaking changes, although they do introduce new algorithms. XML Signature Properties outlines the syntax and processing rules and an associated namespace for properties to be used in XML Signatures.
The Web Application Security Working Group published its Content Security Policy and CORS specifications as Candidate Recommendations, and expanded its scope with a new charter.
The Web Cryptography Working Group published a WG Note, Web Cryptography API Use Cases, and two Working Drafts: Web Cryptography API and WebCrypto Key Discovery.
The XML Security Working Group produced three Recommendations:
The XML Security PAG concluded its work with a PAG Report, enabling the Working Group to proceed.
We are looking forward to Last Call publications of the Web Cryptography API and Key Discovery API from the Web Crypto Working Group, and to further progress from the Web Application Security Working Group on existing and new deliverables.
Group | Chair | Team Contact | Charter |
---|---|---|---|
XML Security Working Group (participants) | Frederick Hirsch | Wendy Seltzer | Chartered until 31 December 2016 |
Web Application Security Working Group (participants) | Brad Hill, Daniel Veditz | Wendy Seltzer | Chartered until 31 March 2015 |
Web Cryptography Working Group (participants) | Virginie Galindo | Wendy Seltzer, Harry Halpin | Chartered until 31 March 2015 |
Web Security Interest Group | Virginie Galindo, Adam Barth | Wendy Seltzer | Chartered until 31 March 2015 |
This Activity Statement was prepared for TPAC 2014 per section 5 of the W3C Process Document. Generated from group data.
Wendy Seltzer, Security Activity Lead