This page summarizes the relationships among specifications, whether they are finished standards or drafts. Below, each title
links to the most recent version of a document.
Completed Work
W3C Recommendations have
been reviewed by W3C Members, by software developers, and by other
W3C groups and interested parties, and are endorsed by the
Director as Web Standards. Learn more about the W3C Recommendation
Track.
Group Notes are not standards and do not
have the same level of W3C endorsement.
Group Notes
| 2012-05-29 | This specification defines the From-Origin response header - a way for resources to declare they are unavailable within an embedding context. |
Drafts
Below are draft documents:
Candidate Recommendations, other Working Drafts.
Some of these may become Web Standards through the W3C Recommendation Track
process. Others may be published as Group Notes or
become obsolete specifications.
Candidate Recommendations
| 2013-01-29 | This document defines a mechanism to enable client-side cross-origin requests. |
| 2012-11-15 | Content Security Policy is a mechanism web applications can use to mitigate the broad class of content injection vulnerabilities, such as cross-site scripting (XSS). Content Security Policy is a declarative policy that lets the authors (or server administrators) of a web application restrict from where the application can load resources. |
Other Working Drafts
| 2013-05-23 | This document defines directives for the Content Security Policy mechanism to declare a set of input protections for a web resource's user interface, defines a non-normative set of heuristics for Web user agents to implement these input protections, and a reporting mechanism for when they are triggered. |
| 2013-03-21 | This document specifies a runtime and security model for Web Applications. It describes how an application is defined through an application manifest, and how it can be installed, updated and packaged. It also specifies how such an application can be put into the background, be put back in the foreground or woken up. Finally, the document describes the security model for such applications. This includes the permission model and the different security rules that would apply. |
| 2013-01-08 | This specification describes a JavaScript API for performing basic cryptographic operations in web applications, such as hashing, signature generation and verification, and encryption and decryption. Additionally, it describes an API for applications to generate and/or manage the keying material necessary to perform these operations. Key storage is provided for both temporary and permanent keys. Access to keying material is contingent on the same origin policy. Uses for this API range from user or service authentication, document or code signing, and the confidentiality and integrity of communications. |
| 2013-01-08 | This document consists of use cases for the Web Cryptography API and the Key Discovery API, expressed as scenarios along with illustrative code snippets. |
| 2013-01-08 | This specification describes a JavaScript API for discovering named, origin-specific pre-provisioned cryptographic keys for use with the Web Cryptography API. |
| 2012-12-13 | This document defines a policy language used to declare a set of content restrictions for a web resource, and a mechanism for transmitting the policy from a server to a client where the policy is enforced. |
| 2010-01-26 | The Uniform Messaging Policy (UMP) enables cross-site messaging that avoids Cross-Site-Request-Forgery and similar attacks that abuse HTTP cookies and other credentials. |