IG/W3C security roadmap
In 2013, several security-related discussions took place within W3C. The following are the major features mentioned by different contributors that the Web Security IG recommends developing.
The platforms hosting the open web platform offer some security features that are not yet available to web developers or to users. It may be worth bringing the following features to the open web platform:
Using DANE (DNS-Based Authentication of Named Entities) makes the communication more secure. Read article
- Enabling usage of trusted elements
Platforms may embed trusted elements offering functionality such as trusted storage, trusted execution... These trusted elements can take different forms, such as an embedded chip (TPM, embedded Secure Element), a pluggable chip (SIM card, Smart Card, µSD), or an integrated Trusted Execution Environment. Read the strawman proposal of the 'secure token and other secure services' workshop discussed in web crypto, to be confirmed by W3C here
Users sometimes get lost when trying to audit and understand the security of the communication a web app is having. The user interface and the information made available to them vary widely from one browser to another. On the other hand, some sensitive services are now deployed over the web (communication via WebRTC, payment ...), for which more control is required. One possible feature to develop could be the standardization of the user interface in order to view or control the security level of the communication a web app is using, including certificate management.