Difference between revisions of "IG/W3C security roadmap"

From Web Security
(Security Indicators)
Line 11: Line 11:
  
 
== Security Indicators ==
 
== Security Indicators ==
The user is sometimes gets lots when trying to audit and understand the security of the communication a web app is using. User interface and information made available to him varies largely from one browser to another. On the other hands, some sensitive services are now deployed over the web (communication via Web RTC, payment ...), for which the user should have more information. One possible feature to develop could be the standardization of the user interface in order to view or control the security level of the communication a web app is using.
+
The user is sometimes gets lots when trying to audit and understand the security of the communication a web app is having. User interface and information made available to him varies largely from one browser to another. On the other hands, some sensitive services are now deployed over the web (communication via Web RTC, payment ...), for which more control is required. One possible feature to develop could be the standardization of the user interface in order to view or control the security level of the communication a web app is using, including certificate management.
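
Review bot: the added clause "including certificate management" at the end of the new paragraph is not defined anywhere in the revision, so it is unclear whether the proposed interface would only display certificate details or also let the user change trust decisions; suggest a sentence stating which is meant. The replacement of "for which the user should have more information" with "for which more control is required" also drops the subject, so it no longer says who needs the control. The new text keeps the wording errors of the old one ("is sometimes gets lots", "On the other hands"); suggest "sometimes gets lost" and "On the other hand" while this paragraph is being edited.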

Revision as of 09:36, 17 January 2014

In 2013, several security-related discussions took place within W3C. The following are the major features mentioned by different contributors that the Web Security IG recommends developing.

Security Enablers

The platforms hosting the open web platform offer some security features that are not yet available to web developers or to users. It may be worth bringing the following features to the open web platform:

- Using DANE (DNS-Based Authentication of Named Entities)

- Enabling usage of trusted elements. Platforms may embed trusted elements offering functionality such as trusted storage and trusted execution. These trusted elements can take different forms, such as an embedded chip (TPM, embedded Secure Element), a pluggable chip (SIM card, smart card, µSD), or an integrated Trusted Execution Environment.

Security Indicators

The user sometimes gets lost when trying to audit and understand the security of the communication a web app is having. The user interface and the information made available to the user vary largely from one browser to another. On the other hand, some sensitive services are now deployed over the web (communication via WebRTC, payment ...), for which more control is required. One possible feature to develop could be the standardization of the user interface in order to view or control the security level of the communication a web app is using, including certificate management.