This page is preserved as a historic document. It has last been substantively edited on 1999/11/24 by Joseph Reagle. -- Thomas Roessler, 2006-10-11

W3CTechnology and Society

W3C Security Resources


Web security is a complex topic, encompassing computer system security, network security, authentication services, message validation, personal privacy issues, and cryptography. This page contains links to various aspects of Web and Internet security.

Overview: The World Wide Web Security FAQ

The World Wide Web Security FAQ (Frequently Asked Questions with answers) provides an overview of Web security issues, security hole alerts, and practical advice for avoiding unpleasant surprises. It is recommended as a starting point for exploration.

Security Initiatives at the W3C

The W3C is involved in the development of several protocols that relate to Web security. Presently, the main areas of work is on the signed-XML proposed activity. Other related activities include the HTTP/1.1 protocol and eCommerce. The W3C also produces software reference implementations that demonstrate the use of security measures.

Digital Signatures

  1. The IETF/W3C have created a joint working group to address XML Signatures.
  2. The Digital Signature Initiative released a PICS Signed Labels 1.0 Recommendation on 27-May-1998. This specification permits digital signatures to be associated with PICS labels (a Web annotation system.)


The HTTP/1.1 protocol includes a much improved scheme for authenticating the identity of users known as Digest Authentication.

Electronic Commerce Initiatives

The W3C is involved in several initiatives in the realm of electronic commerce and secure payments. More information can be found in the Electronic Commerce Interest Group pages.

Reference Implementations

The W3C has implemented Jigsaw, an HTTP/1.1-compliant Web server written entirely in Java. The source code illustrates the implementation of HTTP authentication protocols in general, and Digest Authentication in particular.

Other Security Links

Protocols and Standards

Electronic Commerce


General Sources for Internet Security

Lincoln D. Stein (

Last updated: 1999-04-06T12:57:27Z
CVS $Date: 2006/10/11 21:07:56 $ by $Author: roessler $