Web Security Interest Group Charter
The mission of the Web Security Interest Group is to serve as a forum for discussions on improving standards and implementations to advance the security of the Web.
|Start date||17 January 2017|
|End date||1 January 2019|
|Charter extension||See Change History.|
|Chairs||Virginie Galindo, Gemalto; Kepeng Li, Alibaba; Ryan Ware, Intel|
|Team Contacts||Wendy Seltzer (0.05 FTE) and Samuel Weiler (0.05 FTE), W3C|
Face-to-face: we will meet during the W3C's annual Technical Plenary week.
As the Web Platform around HTML5 emerges as a platform for sophisticated application development, security properties of both implementations and specifications become critical. This group provides a forum for technology designers, implementors, and other interested parties to work toward improving specifications and implementations to advance security of the Web overall. The group is, in particular, focused on the security properties of HTML5 and related APIs and technologies.
As an Interest Group, this group has no formal deliverables. The group may propose additional standards work to the W3C and may publish Interest Group Notes on topics such as best practices, analysis of security issues, and design considerations.
The Group intends to focus its work on three categories of effort:
- Incubation: Discussing ideas for new Recommendation-track work; dispatching promising ideas to a Community Group or Task Force; proposing drafts to W3C for Working Group chartering.
- Horizontal Reviews: Assessing W3C drafts for security considerations and/or publishing questionnaires or other guidance to enable self-review by working groups.
- Web Security Incident Review: Considering reported security incidents as input, e.g., to correct patterns of error, threat modeling, and new spec development.
Technical coordination with the following Groups will be made, per the W3C Process Document:
W3C Working Groups may ask this Interest Group to provide security review of specifications.
- As needed
Participation in the Web Security Interest Group is open to the public. Any person interested in this topic is welcome to participate in this Interest Group.
There are no minimum requirements for participation in this group: This IG is composed of the participants in the firstname.lastname@example.org mailing list.
The Chair may call occasional meetings consistent with the W3C Process requirements for meetings.
The group encourages questions, comments and issues on its public mailing lists and document repositories, as described in Communication.
Technical discussions for this Interest Group are conducted in public.This group primarily conducts its work on the public mailing list email@example.com.
Information about the group (including details about deliverables, issues, actions, status, participants, and meetings) will be available from the Web Security Interest Group home page.
This group will seek to make decisions through consensus and due process, per the W3C Process Document (section 3.3). Typically, an editor or other participant makes an initial proposal, which is then refined in discussion with members of the group and other reviewers, and consensus emerges with little formal voting being required.
However, if a decision is necessary for timely progress, but consensus is not achieved after careful consideration of the range of views presented, the Chairs may call for a group vote, and record a decision along with any objections.
To afford asynchronous decisions and organizational deliberation, any resolution (including publication decisions) taken in a face-to-face meeting or teleconference will be considered provisional. A call for consensus (CfC) will be issued for all resolutions (for example, via email and/or web-based survey), with a response period from one week to 10 working days, depending on the chair's evaluation of the group consensus on the issue. If no objections are raised on the mailing list by the end of the response period, the resolution will be considered to have consensus as a resolution of the Interest Group.
All decisions made by the group should be considered resolved unless and until new information becomes available, or unless reopened at the discretion of the Chairs or the Director.
This charter is written in accordance with the W3C Process Document (Section 3.4, Votes), and includes no voting procedures beyond what the Process Document requires.
The Interest Group provides an opportunity to share perspectives on the topic addressed by this charter. W3C reminds Interest Group participants of their obligation to comply with patent disclosure obligations as set out in Section 6 of the W3C Patent Policy. While the Interest Group does not produce Recommendation-track documents, when Interest Group participants review Recommendation-track specifications from Working Groups, the patent disclosure obligations do apply. For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation.
This Interest Group will use the W3C Software and Document license for all its deliverables.
About this Charter
This charter has been created according to section 5.2 of the Process Document. In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.
The following table lists details of all changes from the initial charter, per the W3C Process Document (section 5.2.3):
|Charter Period||Start Date||End Date||Changes|
|Initial Charter||7 September 2011||31 March 2013|
|Charter Extension (Announcement [member only])||25 September 2013||31 March 2015||Virginie Galindo appointed as as co-chair; Team Contact changed from Thomas Roessler to Wendy Seltzer.|
|Charter Extension (Announcement [member only])||7 July 2015||30 June 2016||Adam Barth stepped down as co-chair.|
|Rechartered||17 January 2017||1 January 2019||Added Kepeng Li and Ryan Ware as co-chairs; added Samuel Weiler as team contact|