Skip
W3C »
Security Activity

Security Activity

Security at W3C

Web Security is a collaborative effort across the Web ecosystem; W3C coordinates some of that work in its Security Activity, within the Technology & Society Domain. Among the work we are doing to help secure Web applications and Web usage:

Web Cryptography Working Group

Motivated by the emergence of more complex protocols executed between Web applications, the WebCrypto group is defining an API to expose trusted cryptographic primitives from the browser. protocols. API features will include message confidentiality and authentication services, as building blocks for improved Web security.

Draft: Web Cryptography API

Web Application Security

WebAppSec is developing the Content Security Policy and CSP Level 2; Cross-Origin Resource Sharing; UI Security; Subresource Integrity and Mixed Content Recommendations. This work aims to enable secure mash-ups, address click-jacking, and to create a more robust Web security environment through light-weight policy expression that meshes with HTML5's built-in security policies.

Web Payments

The Web Payments Interest Group provides a forum for technical discussions to identify use cases and requirements for existing and/or new specifications to ease payments on the Web for users (payers) and merchants (payees), and to establish a common ground for payment service providers on the Web Platform. Security and secure authentication will be critical elements of success.

Web Security Interest Group

The Web Security Interest Group serves as a forum for discussion about improving standards and implementations to advance the security of the Web.

Related Work: Privacy

The Privacy Interest Group watches for ongoing privacy issues affecting the Web, investigates potential areas for new privacy work, and provides guidelines and advice for addressing privacy in standards development.

Related Work: Technical Architecture Group (TAG)

The TAG is responsible for the security, sanity, and layering of the overall web platform.

XML Security

XMLSec produced three W3C Recommendations: a stable interim set of 1.1 specifications. The XML Signature 1.1 and XML Encryption 1.1 specifications clarify and enhance the previous specifications without introducing breaking changes. XML Signature Properties outlines the syntax and processing rules and an associated namespace for properties to be used in XML Signatures.

On the blog

Strengthening Web Security on The Day We Fight Back (11 Feb, 2014)

We see pervasive monitoring as an attack on the Web and its users. The Web is for everyone. The W3C community builds Web protocols and formats to enable individuals and groups to communicate with those they are trying to reach, and to protect those communications from eavesdropping of third parties. more...

Shape the Secure Web as a W3C Member

W3C Members play a significant role in shaping the Web. Contact W3C to learn more about the benefits of W3C Membership.

Upcoming events

Web Payments IG Face-to-Face Meeting, 2-4 February, 2015, Utrecht, NL

Past related events

WebCrypto and WebAppSec Face-to-Face meetings at TPAC 27-31 Oct 2014
Workshop: Web Cryptography Next Steps: Authentication, Hardware Tokens and Beyond (Mountain View, CA, USA, 10-11 Sept., 2014)
Workshop: Web & Payment: How do you want to pay? (Paris, France, 24-25 March, 2014)
STRINT: A W3C/IAB workshop on Strengthening the Internet Against Pervasive Monitoring (London, England, 28 February - 1 March, 2014)

W3C Team

Wendy Seltzer, Technology & Society Domain Lead (email)
Harry Halpin, WebCrypto Working Group team contact