As stated in its charter, the mission of the Web Application Security Working Group is to develop security and policy mechanisms to improve the security of Web Applications, and enable secure cross-site communication.
Past and Upcoming Events
Weekly teleconference: every other Tuesday, 21:00-22:00 UTC (14:00-15:00 PST)
Next regular call: May 21, 2013
2012-1-29: Cross-Origin Resource Sharing published as a W3C Candidate Recommendation.
2012-1-15: New Charter proposal sent to W3C team and AC for approval: http://lists.w3.org/Archives/Public/public-webappsec/2012Nov/att-0112/Web_Application_Security_Working_Group.htm
2012-12-13: CSP 1.1 advances to First Public Working Draft: http://www.w3.org/TR/CSP11/
2012-11-20: User Interface Safety Directives for CSP advances to First Public Working Draft.
2012-11-15: Call for Consensus to advance CORS to Candidate Recommendation.
2012-11-15: Content Security Policy 1.0 published as a W3C Candidate Recommendation.
| Name of Spec | | | | |
|---|---|---|---|---|
| Content Security Policy | 15-November-2012 | CR | Editors: Brandon Sterne and Adam Barth | Test Coordinator: Mike West |
| Content Security Policy 1.1 | 15-November-2012 | FPWD | Editors: Mike West, Dan Veditz and Adam Barth | Test Coordinator: Mike West |
| User Interface Safety Directives for Content Security Policy | 20-November-2012 | FPWD | Editors: Giorgio Maone, David Lin-Shung Huang, Brad Hill, Tobias Gondrom | |
| Cross-Origin Resource Sharing | 3-April-2012 | LCWD | Editor: Anne van Kesteren | Test Coordinator: Gopal Raghavan |
| Uniform Messaging Policy, Level One | 15-June-2010 | Input document (from WebApps WG) | Editors: Tyler Close and Mark Miller | Not on recommendation track at this time. |
| Security on the Web | 4-Feb-2011 | Input document | summary by J. Kemp for the TAG - this document is not a TAG Finding | |
The general practices of this WG are documented on our Work Mode Page.
F2F Day 2, 26-Apr-2013: http://www.w3.org/2011/webappsec/minutes/webappsec-minutes-26-Apr-2013.htm
F2F Day 1, 25-Apr-2013: http://www.w3.org/2011/webappsec/minutes/webappsec-minutes-25-Apr-2013.htm
Teleconference, 26-Feb-2013: http://www.w3.org/2011/webappsec/minutes/webappsec-minutes-26-Feb-2013.htm
Teleconference, 12-Feb-2013: http://www.w3.org/2011/webappsec/minutes/webappsec-minutes-12-Feb-2013.htm
Teleconference, 29-Jan-2013: http://www.w3.org/2011/webappsec/minutes/webappsec-minutes-29-Jan-2013.htm
Teleconference, 15-Jan-2013: http://www.w3.org/2011/webappsec/minutes/webappsec-minutes-15-Jan-2013.htm
Teleconference, 18-Dec-2012: http://www.w3.org/2011/webappsec/minutes/webappsec-minutes-18-Dec-2012.htm
Teleconference, 20-Nov-2012: http://www.w3.org/2011/webappsec/minutes/webappsec-minutes-20-Nov-2012.htm
TPAC F2F, Day 2, 02-Nov-2012: http://www.w3.org/2011/webappsec/minutes/webappsec-minutes-02-Nov-2012.htm
TPAC F2F, Day 1, 01-Nov-2012: http://www.w3.org/2011/webappsec/minutes/webappsec-minutes-01-Nov-2012.htm
Call of 23 October 2012: http://www.w3.org/2011/webappsec/minutes/webappsec-minutes-23-Oct-2012.htm
Call of 25 September 2012: http://www.w3.org/2011/webappsec/minutes/webappsec-minutes-25-Sep-2012.htm
Call of 11 September 2012: http://www.w3.org/2011/webappsec/minutes/WebAppSec-minutes-11-Sep-2012.htm
Call of 28 August 2012: http://www.w3.org/2011/webappsec/minutes/webappsec-minutes-2012-08-28.htm
Call of 20 June 2012: http://www.w3.org/2012/20/05-webappsec-minutes.html
Call of 08 May 2012: http://www.w3.org/2012/05/08-webappsec-minutes.html
F2F 2011, Day 2: http://lists.w3.org/Archives/Public/www-archive/2012May/att-0011/minutes-2012-05-03.html
F2F 2011, Day 1: http://lists.w3.org/Archives/Public/www-archive/2012May/att-0011/minutes-2012-05-02.html
See the Working Group's tracker instance (Tracker's documentation).
The WG's Bugzilla instance is at: http://www.w3.org/Bugs/Public/describecomponents.cgi?product=WebAppsSec
Weekly teleconference: every other Tuesday, 22:00-23:00 UTC (14:00-15:00 PST)
The number for all calls on W3C Zakim bridge is +1.617.761.6200 then enter
conference passcode 92794 ('WASWG'). If you can't get into the bridge, dial *0
to speak to the operator — they can manually connect you. Zakim allows
participants to mute themselves by pressing 61# ("M" for mute, then "1" for on)
and unmute themselves with 60#.
It is possible to participate in meetings by telephone alone but participants' interaction is substantially improved by also joining the #webappsec irc channel or using the IRC Web interface (see also the comprehensive help for IRC). The group makes use of the following agents: zakim, rrsagent, and tracker.
Technical discussion takes place on the Working Group discussion list, email@example.com (archive). This is a public mailing list; to subscribe to the public-webappsec mailing list, please check the subscription procedure.
Proposals, experiments, etc. related to this WG's deliverables can be discussed on the W3C Web Security Wiki at http://www.w3.org/Security/wiki/Main_Page
The WG will begin work on Content Security Policy 1.1 concurrently with moving 1.0 on the Recommendation track. Suggestions for features in 1.1 should go to the wiki at: http://www.w3.org/Security/wiki/Content_Security_Policy. Experimental implementations to accompany such suggestions are highly encouraged. A brainstorm list of proposed directives is also available at https://wiki.mozilla.org/Security/CSP/Strawman
W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent.
The WebAppSec Working Group operates under its initial charter.
See: DBWG and IPP