Skip to contents |
W3C Technology and Society Domain | Security home

Security Activity Statement

Web Security is a collaborative effort; W3C coordinates some of that work in its Security Activity, within the Technology & Society Domain. Among the work we are doing to help secure Web applications and Web usage:

The Web Application Security Working Group is developing the Content Security Policy and CSP 1.1; Cross-Origin Resource Sharing; UI Security; Secure Mixed Content; and Lightweight Isolated / Safe Content Recommendations. The goal of this work is to enable secure mash-ups, and to create a more robust Web security environment through light-weight policy expression that meshes with HTML5's built-in security policies. The group additionally aims to address clickjacking issues.

The Web Cryptography Working Group is motivated by the emergence of more complex protocols executed between Web applications. The group is chartered to develop a Recommendation-track document defining an API that enables the development of such protocols. API features will include message confidentiality and authentication services, and exposing trusted cryptographic primitives from the browser. This will promote higher security on the Web as developers will no longer have to create their own or use untrusted third-party libraries for cryptographic primitives.

The Web Security Interest Group serves as a forum for discussion about improving standards and implementations to advance the security of the Web.

The XML Security Working Group produced three W3C Recommendations: a stable interim set of 1.1 specifications. The XML Signature 1.1 and XML Encryption 1.1 specifications clarify and enhance the previous specifications without introducing breaking changes, although they do introduce new algorithms. XML Signature Properties outlines the syntax and processing rules and an associated namespace for properties to be used in XML Signatures.

Highlights Since the Previous Advisory Committee Meeting

The Web Application Security Working Group published as Candidate Recommendation its Content Security Policy and CORS specifications, and expanded its scope with a new charter.

The Web Cryptography Working Group published a WG Note, Web Cryptography API Use Cases; and two Working drafts, Web Cryptography API; WebCrypto Key Discovery.

The XML Security Working Group produced three Recommendations:

The XML Security PAG concluded its work with a PAG Report, enabling the Working Group to proceed.

Upcoming Activity Highlights

We are looking forward to Last Call publications from the Web Crypto Working Group, of its Web Cryptography API and Key Discovery API and to further progress from the Web Application Security Working Group on existing and new deliverables.

Summary of Activity Structure

GroupChairTeam ContactCharter
XML Security Working Group
Frederick HirschWendy SeltzerChartered until 31 December 2016
Web Application Security Working Group
Brad Hill, Daniel VeditzWendy SeltzerChartered until 31 December 2016
Web Cryptography Working Group
Virginie GalindoWendy Seltzer, Harry HalpinChartered until 30 September 2015
Web Security Interest GroupVirginie Galindo, Adam BarthWendy SeltzerChartered until 31 March 2015

This Activity Statement was prepared for TPAC 2014 per section 5 of the W3C Process Document. Generated from group data.

Wendy Seltzer, Security Activity Lead

$Id: Activity.html,v 1.436 2015/06/25 09:47:25 sysbot Exp $
Valid XHTML 1.0!