3 March 1995
The last two meetings of the W3C Security Group had made clear that there is a great need for a W3C Security Standard that will be
  1. rapidly and decisively generated;
  2. that can meet multiple user requirements (security scenarios);
  3. that will enable interoperability with existing Web products and
  4. that will gracefully expand toward expected future security requirements.

In the last meeting of the W3C Security Group on February 22, 1995 a strong sentiment was expressed that development of the W3C security protocol could proceed from an existing commercial design through the addition of features of other competing designs. Unfortunately, this suggestion was interpreted by some as endorsement of the base design as the W3C security standard.

This is not the case: No current security protocol has been endorsed by W3C security standard. To ensure that the future W3C security standard is widely accepted in accordance with the above objectives, current development is proceeding both top-down and bottom-up along the sequence scenarios - requirements - design - implementation. It is a plan of the W3C team that transition to the W3C security protocol be enabled by software which will interoperate with existing Web products that provide security.

At the February 22 meeting, several W3C members offered development resources toward this standard. While a formal release date has not yet been set, we expect an initial release to be issued by the end of the year. Formal adoption of the protocol will proceed according to the W3C Consortium standard setting process.

Tim Berners-Lee

Director, W3 Consortium

MIT Laboratory for Computer Science