This document was a draft for informal review. It led to the chartering of a separate Web Cryptography Working Group.
The mission of the Web Identity Working Group, part of the Security Activity, is to provide specifications to enable an improved and secure experience around identity on the Web, including multiple personae and private browsing on the Web.
|End date||30 November 2013|
|Confidentiality||Proceedings are Public|
Harry Halpin (FTE %: @@)
|Usual Meeting Schedule||Teleconferences: topic-specific calls may be held, normally weekly.
Face-to-face: We will meet during the W3C's annual Technical Plenary week; other additional F2F meetings may be scheduled
The mission of the Web Identity Working Group is to provide Web developers secure and uniform access to elementary cryptographic operations, session state information, and authentication credentials for devices like browsers. We also will enable cross-device identity synchronization across these environments. These specifications will application programming interfaces (APIs) and, if necessary, formats.
The Web Identity Working Group deliverables must address issues of accessibility, internationalization, mobility, security, and privacy. This group will strive to make its work compatible with existing server-side identity solutions including SAML, OpenID, and OAuth and will focus on increasing uniform support for asymmetric cryptography amongst browsers and in existing solutions although password-based (symmetric) systems should be supported.
The Web Identity Working Group should aim to produce specifications that have wide deployment amongst end-users, and so should work carefully with as many major implementers as possible. The Web Identity Working Group should adopt, refine and when needed, extend, existing practices and community-driven draft specifications when possible. The identity work should integrate well with Web Applications and so should be developed in concert with Web Application developers and the Web Application and HTML Working Groups. Comprehensive test suites will be developed for each specification to ensure interoperability, and the Working Group will assist in the production of interoperability reports.
In order to advance to Proposed Recommendation, each specification is expected to have two independent implementations of each of feature defined in the specification.
The working group will deliver at least the following:
Each specification must contain a section detailing any known security implications for implementors, Web authors, and end users. The Web Identity WG will actively seek an open security review on all its specifications.
To increase the convenience and security of deployment, these specifications may interact will take into account existing platform and operating system identity managers and so additional informative work in this area may be necessary.
Additionally, the Web Identity Working Group has the goal to improve the deployment of secure and privacy-respecting identity on the Web through outreach and interaction with the larger identity eco-system and by participating in both industry and government-led joint efforts with other organizations in the identity eco-system. So other non-normative documents may be created such as:
|Note: The group will document significant changes from this initial schedule on the group home page.|
|Cryptography API||December 2011||February 2012||July 2012||September 2012||November 2012|
|Web Identity Sync||March 2012||September 2012||March 2011||August 2012||October 2013|
|Identity API||March 2012||September 2012||March 2011||August 2012||October 2013|
The production of the deliverables depends upon the resources available, and will change as new information and implementation experience is reported to the group. The most up-to-date timeline is available from the Web WG Publication Status page.
Furthermore, the Web Identity Working Group expects to follow the following W3C Recommendations, Guidelines and Notes and, if necessary, to liaise with the communities behind the following documents:
The following is a tentative list of external bodies the Working Group should collaborate with:
To be successful, the Web Identity Working Group is expected to have 10 or more active participants for its duration, and to have the participation of the industry leaders in fields relevant to the specifications it produces. The Chairs and specification Editors are expected to contribute one to two days per week towards the Working Group. There is no minimum requirement for other Participants.
The Web Identity Working Group will also allocate the necessary resources for building test suites for each specification.
The Web Identity Working Group welcomes participation from non-Members. The group encourages questions and comments on its public mailing lists, as described in Communication. As needed, the group may also call for joint teleconferences and meetings with related organizations and standards bodies in the field of identity.
The group also welcomes non-Members to contribute technical submissions for consideration, with the agreement from each participant to Royalty-Free licensing of those submissions under the W3C Patent Policy. The Working Group may also call for the formation of Community Groups or work in other standards bodies such as the IETF.
Most Web Identity Working Group Teleconferences will focus on discussion of particular specifications, and will be conducted on an as-needed basis. At least one teleconference will be held per week.
Most of the technical work of the group will be done through discussions on one of the group's public mailing lists, for which there is no formal requirement for participation:
The group will use a Member-confidential mailing list for administrative purposes and, at the discretion of the Chairs and members of the group, for member-only discussions in special cases when a particular member requests such a discussion.
Information about the group (for example, details about deliverables, issues, actions, status, participants) will be available from the Web Identity Working Group home page.
As explained in the W3C Process Document (section 3.3), this group will seek to make decisions when there is consensus and with due process. The expectation is that typically, an editor or other participant makes an initial proposal, which is then refined in discussion with members of the group and other reviewers, and consensus emerges with little formal voting being required. However, if a decision is necessary for timely progress, but consensus is not achieved after careful consideration of the range of views presented, the Chairs should put a question out for voting within the group (allowing for remote asynchronous participation -- using, for example, email and/or web-based survey techniques) and record a decision, along with any objections. The matter should then be considered resolved unless and until new information becomes available.
This charter is written in accordance with Section 3.4, Votes of the W3C Process Document and includes no voting procedures beyond what the Process Document requires.
This Working Group operates under the W3C Patent Policy (5 February 2004 Version). To promote the widest adoption of Web standards, W3C seeks to issue Recommendations that can be implemented, according to this policy, on a Royalty-Free basis.
For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation.
This charter for the Web Identity Working Group has been created according to section 6.2 of the Process Document. In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.
Copyright© 2010 W3C® (MIT, ERCIM, Keio), All Rights Reserved.
$Date: 2012/04/15 20:57:16 $