World Wide Web Consortium To Hold Workshop on Transparency and Usability of Web Authentication

Area Experts to Examine Potential Methods for Creating a Secure Web

Contact Americas, Australia --
Janet Daly, <janet@w3.org>, +1.617.253.5884 or +1.617.253.2613
Contact Europe, Africa and the Middle East --
Marie-Claire Forgue, <mcf@w3.org>, +33.492.38.75.94
Contact Asia --
Yasuyuki Hirakawa <chibao@w3.org>, +81.466.49.1170

(also available in French and Japanese; see also translations in other languages)

http://www.w3.org/ -- 15 December 2005: The World Wide Web Consortium (W3C) announces its Workshop "Toward a More Secure Web -- W3C Workshop on Transparency and Usability of Web Authentication." The Call for Participation solicits position papers from Web security experts, software developers, browser manufacturers and their customers regarding usability and transparency of Web authentication. The goal is to identify methods to make secure, trustworthy browsing easy. Position papers can be submitted by email until 25 January 2006.

The Workshop takes place in New York City, USA, on 15 and 16 March 2006, and is hosted by Citigroup.

Secure browsing must be easier to do

Gaps in practical security on the Web make all users easy targets for fraud. Despite broad availability of security technologies, the Web community (browser developers, Web site operators, users) lack agreement on how to help avoid the most basic types of fraud. For example, Web users often cannot tell whether a Web site is really what it claims to be. All users deserve Web security that is convenient to use, and easy to understand.

Current solutions don't make users aware of critical information

Web security today critically depends on Transport Layer Security (TLS), an IETF protocol that is wrapped around HTTP transactions to provide endpoint authentication and communications privacy. Ongoing "phishing" attacks demonstrate that these security measures fail in practice: while the currently available mechanisms are technically solid, implementations often don't succeed in making users aware what kind of security is actually in place, and with whom they are actually communicating. As a result, attackers can bypass these security mechanisms without users noticing.

W3C brings together browser developers, researchers, and end users to identify concrete issues with transparent, usable, and effective Web Security

In order to improve the security of the Web as people use it today, W3C is convening a diverse community of users and developers to consider leading security use cases and identify concrete actions to take. The Workshop is chaired by Daniel Schutzer (Citigroup), and Thomas Roessler (W3C). The Program Committee includes representation from America Online Inc (AOL), Apple Computer, Bar-Ilan University, Carnegie Mellon University, the Center for Democracy and Technology (CDT), Columbia University, Comodo, Financial Services Technology Consortium (FSTC), Graz University of Technology, Microsoft, Mozilla, Ruhr-Universit├Ąt Bochum, (SIZ), Sun Microsystems, KDE project, New York University, Opera, and VeriSign.

This Workshop aims to concretely identify a range of issues faced by those who wish to use the Web as a secure environment for tasks ranging from basic browsing to the most specialized application. In particular, the participants will look at ways to help address the current threats on the Web that are caused by the present lack of comprehensible and transparent Web authentication. The Workshop is expected to focus on near-term improvements that can be realized in browsers and through best practices coordinated between browser vendors and e-commerce service providers. Experiences and use cases from the financial services industry are expected to inform the discussion.

More information about the Workshop is available from the Workshop home page.

About the World Wide Web Consortium [W3C]

The W3C was created to lead the Web to its full potential by developing common protocols that promote its evolution and ensure its interoperability. It is an international industry consortium jointly run by the MIT Computer Science and Artificial Intelligence Laboratory (MIT CSAIL) in the USA, the European Research Consortium for Informatics and Mathematics (ERCIM) headquartered in France and Keio University in Japan. Services provided by the Consortium include: a repository of information about the World Wide Web for developers and users, and various prototype and sample applications to demonstrate use of new technology. Over 400 organizations are Members of the Consortium. For more information see http://www.w3.org/