Security for User Agents Current Status

This page summarizes the relationships among specifications, whether they are finished standards or drafts. Below, each title links to the most recent version of a document.

Completed Work

W3C Recommendations have been reviewed by W3C Members, by software developers, and by other W3C groups and interested parties, and are endorsed by the Director as Web Standards. Learn more about the W3C Recommendation Track.

Group Notes are not standards and do not have the same level of W3C endorsement.



Web Security Context: User Interface Guidelines

This specification defines guidelines and requirements for the presentation and communication of Web security context information to end-users.

Group Notes


Web Security Experience, Indicators and Trust: Scope and Use Cases

This Note refines the objectives for the Web Security Context Working Group deliverables. It elaborates upon the group's Charter [WSC-CHARTER] to explain what the group aims to achieve, what technologies may be used and how technical proposals will be evaluated. This elaboration is limited to the group's technical work and does not cover additional activities the group intends to engage in, such as ongoing outreach and education.

This Note also includes an initial collection of use cases that the group expects will drive its technical work.

Since this Note discusses the assumptions, goals, and processes the group will use to develop its recommendations, the intended audience is similiar to that of the charter of the Working Group; group members, the W3C community, developers of web user agents, web content providers (server administrators), and parties interested and engaged in what the Web Security Context Working Group's plans and directions are. It is explicitly not targeted at the presumed beneficiaries of the group's work, the users of the web, and it is not expected that an average user would be able to read this document and understand it.


Web User Interaction: Threat Trees

This Note includes threat trees used to analyze the threats that the [WSC-XIT] responds to. It is a companion document to [WSC-USECASES].


Below are draft documents: Candidate Recommendations . Some of these may become Web Standards through the W3C Recommendation Track process. Others may be published as Group Notes or become obsolete specifications.

Candidate Recommendations


Web Authentication: An API for accessing Public Key Credentials Level 1

This specification defines an API that enables web pages to access WebAuthn compliant strong cryptographic credentials through browser script.