Web Security Interest Group Charter

The mission of the Web Security Interest Group is to serve as a forum for discussions on improving standards and implementations to advance the security of the Web.

Join the Web Security Interest Group.

Start date 17 January 2017
End date 1 January 2019
Charter extension See Change History.
Chairs Virginie Galindo, Gemalto; Kepeng Li, Alibaba; Ryan Ware, Intel
Team Contacts Wendy Seltzer (0.05 FTE) and Samuel Weiler (0.05 FTE), W3C
Meeting Schedule Teleconferences: as-needed.
Face-to-face: we will meet during the W3C's annual Technical Plenary week.

Scope

As the Web Platform around HTML5 emerges as a platform for sophisticated application development, security properties of both implementations and specifications become critical. This group provides a forum for technology designers, implementors, and other interested parties to work toward improving specifications and implementations to advance security of the Web overall. The group is, in particular, focused on the security properties of HTML5 and related APIs and technologies.

Deliverables

As an Interest Group, this group has no formal deliverables. The group may propose additional standards work to the W3C and may publish Interest Group Notes on topics such as best practices, analysis of security issues, and design considerations.

The Group intends to focus its work on three categories of effort:

Coordination

Technical coordination with the following Groups will be made, per the W3C Process Document:

W3C Groups

W3C Working Groups may ask this Interest Group to provide security review of specifications.

External Organizations

As needed

Participation

Participation in the Web Security Interest Group is open to the public. Any person interested in this topic is welcome to participate in this Interest Group.

There are no minimum requirements for participation in this group: This IG is composed of the participants in the public-web-security@w3.org mailing list.

The Chair may call occasional meetings consistent with the W3C Process requirements for meetings.

The group encourages questions, comments and issues on its public mailing lists and document repositories, as described in Communication.

Communication

Technical discussions for this Interest Group are conducted in public.This group primarily conducts its work on the public mailing list public-web-security@w3.org.

Information about the group (including details about deliverables, issues, actions, status, participants, and meetings) will be available from the Web Security Interest Group home page.

Decision Policy

This group will seek to make decisions through consensus and due process, per the W3C Process Document (section 3.3). Typically, an editor or other participant makes an initial proposal, which is then refined in discussion with members of the group and other reviewers, and consensus emerges with little formal voting being required.

However, if a decision is necessary for timely progress, but consensus is not achieved after careful consideration of the range of views presented, the Chairs may call for a group vote, and record a decision along with any objections.

To afford asynchronous decisions and organizational deliberation, any resolution (including publication decisions) taken in a face-to-face meeting or teleconference will be considered provisional. A call for consensus (CfC) will be issued for all resolutions (for example, via email and/or web-based survey), with a response period from one week to 10 working days, depending on the chair's evaluation of the group consensus on the issue. If no objections are raised on the mailing list by the end of the response period, the resolution will be considered to have consensus as a resolution of the Interest Group.

All decisions made by the group should be considered resolved unless and until new information becomes available, or unless reopened at the discretion of the Chairs or the Director.

This charter is written in accordance with the W3C Process Document (Section 3.4, Votes), and includes no voting procedures beyond what the Process Document requires.

Patent Disclosures

The Interest Group provides an opportunity to share perspectives on the topic addressed by this charter. W3C reminds Interest Group participants of their obligation to comply with patent disclosure obligations as set out in Section 6 of the W3C Patent Policy. While the Interest Group does not produce Recommendation-track documents, when Interest Group participants review Recommendation-track specifications from Working Groups, the patent disclosure obligations do apply. For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation.

Licensing

This Interest Group will use the W3C Software and Document license for all its deliverables.

About this Charter

This charter has been created according to section 5.2 of the Process Document. In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.

Charter History

The following table lists details of all changes from the initial charter, per the W3C Process Document (section 5.2.3):

Charter Period Start Date End Date Changes
Initial Charter 7 September 2011 31 March 2013
Charter Extension (Announcement [member only]) 25 September 2013 31 March 2015 Virginie Galindo appointed as as co-chair; Team Contact changed from Thomas Roessler to Wendy Seltzer.
Charter Extension (Announcement [member only]) 7 July 2015 30 June 2016 Adam Barth stepped down as co-chair.
Rechartered 17 January 2017 1 January 2019 Added Kepeng Li and Ryan Ware as co-chairs; added Samuel Weiler as team contact