Final Report Published.
10-11 September 2014, Silicon Valley (Mountain View), California
Final Report Published.
Many projects and companies are now requiring high security Web applications with improved authentication, and the W3C is positioned to enable technologies ranging from simple multi-factor authentication to full-blown smartcard-based authentication available to Web applications. For an example of new relevant work, the Web Cryptography API will soon expose standardized cryptographic functionality to Web applications across all major browsers.
Before re-chartering Web Cryptography Working Group or any new Working Group, the W3C believes that consensus around a long-term strategy should be solidified, and so the W3C is holding a workshop to determine what the web ecosystem needs to fully realize the potential of authentication on the Web in interoperating with other groups such as the FIDO Alliance and the Smartcard Alliance.
The aim of this workshop is to bring together those interested in discussing the integration of high-value authentication and hardware-based security in the Open Web Platform. This integration could make available to the Open Web Platform the current security capabilities of platforms via standards in this area.
The integration of hardware tokens for Web applications has been discussed in several Working Groups in W3C, such as the Web Cryptography Working Group, the SysApps Working Group, and in other workshops. Nevertheless there are different forms of secure tokens (from smartcards to secure micro-SD) and different services that could be brought by those trusted elements (storage, cryptographic operations, secure operations, authentication). Industry efforts in this area like the FIDO Alliance, which includes the use of mobile devices and biometric readers for authentication, have also been rapidly maturing and could intersect with the W3C in a number of mutually beneficially ways. The goal of this workshop is to outline a consensus for future deliverables and scope for the Web Cryptography Working Group charter or another Working Group charter and potentially list secure services to be developed on the Open Web Platform.
We invite you to submit a paper and to attend this workshop to help shape the next steps for the Web Cryptography API.
The Web Cryptography Working Group will be rechartering their Working Group after exiting the Candidate Recommendation phase, and this is expected to happen at some point this year. Thus, having a clear consensus on how the current API can be extended is vital to plan the next phase of the Working Group, or any new Working Groups that may be related. Various aspects of the technology needed for high-value authentication may also be well-suited for existing other Working Groups or new Working Groups.
Possible topics include, but are not limited to the following:
If you are working at the intersection of the Web and authentication, we want you to attend this workshop. We also want to know more about what direction the Web Cryptography API should take in the coming years.
Participation is free and open to W3C members and non-members. Due to space constraints, the workshop is limited to 70 attendees.
Position papers or statements of interest are required to be eligible to participate in this workshop. Organizations or individuals wishing to attend must submit a position paper explaining their perspectives on a workshop topic of their choice no later than 30 July 2014. Participants should have an active interest in the area selected, ensuring other workshop attendees will benefit from the topic and their presence.
Position papers should:
See the position papers submitted for the previous W3C workshop that led to the Web Cryptography Working Group as an example.
The authors of particularly salient or representative submissions will be given the opportunity to present their position at the workshop, to foster discussion. Those submitters not selected to present are still encouraged to attend the workshop to contribute to the discussion, although we still have a strict upper limit of 70.
Position papers must be in English, and HTML format is strongly preferred, though we will also accept plain text or PDF format; presentation slides are also preferred to be in HTML, but other slide formats are acceptable. All submissions should be a few paragraphs to two pages in length (approximately 500–2000 words), although they may link to longer versions or appendices.
Please note that all submitted position papers will be published on the public Web page of the workshop.
Position papers should be submitted via email to the <firstname.lastname@example.org> mailing list.
Registration is free. Register now
W3C's Web Cryptography Next Steps Workshop is at Microsoft's Silicon Valley Labs in Mountain View, California
Building Number 1 (Jupiter and Mercury Rooms)
1065 La Avenida St
Mountain View, CA 94123
United States+1 (650) 693-1001
10-11 September 2014
Note that there are no hotels within walking distance of the venue, and thus cars or taxis must be taken.
W3C has not negotiated special prices with any hotels, but we have identified reasonably-priced hotels nearby the venue venue:
Note that hotels in the Mountain View area tend to book fast, so booking your hotel soon is recommended.
The nearest airport is the San Jose International Airport (SJO).
Workshop sessions will focus on discussions among all participants. Presentations will be no more than 6 minutes ("pecha-kucha") each done in a panel style in order to start the discussion. Moderators will enforce the time limit, facilitate discussions, and summarize the results at the end of the sessions.
Note: This agenda lists the papers' authors and, if information provided, the individual presenting the paper. In some cases, papers may be presented by different individuals.
Raw minutes: Sept. 10, Sept. 11.
8:00 Registration open
8:30-10:30 Introduction and discussion of W3C, agenda, process, and goals
Chair: Virginie Galindo (Gemalto)
10:30 Morning break
11:00-1:00 Extending the Existing W3C Web Cryptography API
As the current W3C Web Cryptography API is now being implemented in browsers, are there any additions that would make sense in a W3C Web Cryptography 1.1?
Moderator: Jeff Hodges (Paypal)
Passwords are no longer sufficient for user authentications. Various new multi-factor authentication technologies, ranging from biometrics to hardware tokens, are being used and standardized by a number of industry consortia outside the W3C. How can the Open Web Platform best incorporate these technologies?
Moderator: Karen O'Donoghue (ISOC)
4:30-6:00 Self-Organized "Unconference" Breakouts
During the day, a number of questions will have been raised. If necessary, we can host a number of self-organize break-out sessions.
6:30 Group Dinner at Shiva's Indian Restaurant, 800 California St, Mountain View, CA 94041 (limited to the first 55 registrants)
Note that the agenda on this day may be subject to change depending on results of first day.
8:30-10:30 Hardware Tokens
A large variety of hardware tokens and other enablers for trusted execution environments exist. How can the Open Web Platform integrate the features they enable?
Moderator: Cathy Medich (Smartcard Alliance)
11:00-1:00 New Security Features for the Web
From issues of assuring users of their security to pervasive monitoring, are there general ways we can improve the Web Security Model and protect the privacy of the users? What other components already exist or are in development in the Open Web Platform that we should harmonize with or communities we should get involved?
Moderator: Karen Lu (Gemalto)
2:00-4:00 Next Steps on Chartering
Moderator: Harry Halpin (W3C)
Panelists: Request for WebCrypto API v2 functionality by Israel Hilerio (Microsoft), Dirk Balfanz (Google), Richard Barnes (Mozilla).
In this session, there will be a "deep-dive" into the practical next steps for possible rechartering of the W3C Web Cryptography Working Group (after the first version of the Web Cryptography API is complete), suggestions to add work to other WGs, or starting a new WG to address issues raised in the workshop. Representatives from browser vendors will be on hand to give a "sanity check" to various proposals and time-frames.
4:30-6:00 Next Steps on Chartering (continued)
Moderator: Wendy Seltzer (W3C)
If needed, the discussion will continue until we reach a rough consensus on the next charter.
W3C Workshops, meetups, and other events bring you into direct contact with leading Web technology experts: representatives from industry, research, government, and the developer community.
Whether your interests are focused on a particular topic being discussed by a Working Group, or you wish to reach a diverse international audience setting W3C's strategic direction, sponsorship helps your organization reach W3C's engaged participants.
Sponsorships offset a portion of our meeting costs, so W3C welcomes multiple sponsors for each event. All proposals for sponsorship are subject to W3C approval.
If you're interested in being a sponsor of the W3C Next Steps for Web Cryptography Workshop, please contact J. Alan Bird at email@example.com or +1 617 253 7823.
For additional information, please visit the Sponsorship program.