Web Cryptography Next Steps

W3C Workshop on Authentication, Hardware Tokens and Beyond

10-11 September 2014, Silicon Valley (Mountain View), California

Final Report Published.

Many projects and companies now require high-security Web applications with improved authentication, and the W3C is positioned to enable technologies ranging from simple multi-factor authentication to full-blown smartcard-based authentication available to Web applications. As an example of relevant new work, the Web Cryptography API will soon expose standardized cryptographic functionality to Web applications across all major browsers.

Before re-chartering the Web Cryptography Working Group or chartering any new Working Group, the W3C believes that consensus around a long-term strategy should be solidified, and so the W3C is holding a workshop to determine what the web ecosystem needs to fully realize the potential of authentication on the Web while interoperating with other groups such as the FIDO Alliance and the Smartcard Alliance.

The aim of this workshop is to bring together those interested in discussing the integration of high-value authentication and hardware-based security in the Open Web Platform. This integration could make available to the Open Web Platform the current security capabilities of platforms via standards in this area.

Goals and Scope

The integration of hardware tokens for Web applications has been discussed in several Working Groups in W3C, such as the Web Cryptography Working Group and the SysApps Working Group, and in other workshops. Nevertheless, there are different forms of secure tokens (from smartcards to secure micro-SD) and different services that could be provided by those trusted elements (storage, cryptographic operations, secure operations, authentication). Industry efforts in this area, like the FIDO Alliance, which includes the use of mobile devices and biometric readers for authentication, have also been rapidly maturing and could intersect with the W3C in a number of mutually beneficial ways. The goal of this workshop is to outline a consensus for future deliverables and scope for the Web Cryptography Working Group charter or another Working Group charter and potentially list secure services to be developed on the Open Web Platform.

We invite you to submit a paper and to attend this workshop to help shape the next steps for the Web Cryptography API.

Further steps

The Web Cryptography Working Group will be rechartering after exiting the Candidate Recommendation phase, and this is expected to happen at some point this year. Thus, having a clear consensus on how the current API can be extended is vital to plan the next phase of the Working Group, or any new Working Groups that may be related. Various aspects of the technology needed for high-value authentication may also be well-suited for other existing Working Groups or new Working Groups.

Workshop topics

Possible topics include, but are not limited to the following:

Who Should Attend

How to Participate

If you are working at the intersection of the Web and authentication, we want you to attend this workshop. We also want to know more about what direction the Web Cryptography API should take in the coming years.

Participation is free and open to W3C members and non-members. Due to space constraints, the workshop is limited to 70 attendees.

Position papers or statements of interest are required to be eligible to participate in this workshop. Organizations or individuals wishing to attend must submit a position paper explaining their perspectives on a workshop topic of their choice no later than 30 July 2014. Participants should have an active interest in the area selected, ensuring other workshop attendees will benefit from the topic and their presence.

Position papers should:

See the position papers submitted for the previous W3C workshop that led to the Web Cryptography Working Group as an example.

The authors of particularly salient or representative submissions will be given the opportunity to present their position at the workshop, to foster discussion. Those submitters not selected to present are still encouraged to attend the workshop to contribute to the discussion, although we still have a strict upper limit of 70.

Position papers must be in English, and HTML format is strongly preferred, though we will also accept plain text or PDF format; presentation slides are also preferred to be in HTML, but other slide formats are acceptable. All submissions should be a few paragraphs to two pages in length (approximately 500–2000 words), although they may link to longer versions or appendices.

Please note that all submitted position papers will be published on the public Web page of the workshop.

Position papers should be submitted via email to the <team-webcrypto-submission@w3.org> mailing list.

Registration is free.


W3C's Web Cryptography Next Steps Workshop is at Microsoft's Silicon Valley Labs in Mountain View, California


Building Number 1 (Jupiter and Mercury Rooms)

Microsoft Corporation

1065 La Avenida St

Mountain View, CA 94123

United States

+1 (650) 693-1001

10-11 September 2014



Note that there are no hotels within walking distance of the venue, and thus cars or taxis must be taken.

W3C has not negotiated special prices with any hotels, but we have identified reasonably-priced hotels near the venue:

Note that hotels in the Mountain View area tend to book fast, so booking your hotel soon is recommended.


The nearest airport is the San Jose International Airport (SJO).


Program Committee




Workshop sessions will focus on discussions among all participants. Presentations will be no more than 6 minutes ("pecha-kucha") each done in a panel style in order to start the discussion. Moderators will enforce the time limit, facilitate discussions, and summarize the results at the end of the sessions.

Note: This agenda lists the papers' authors and, if that information was provided, the individual presenting the paper. In some cases, papers may be presented by different individuals.

Hash tag: #cryptonext
IRC channel: #crypto
Raw minutes: Sept. 10, Sept. 11.

Wednesday Sept 10th, 2014

Thursday Sept 11th

Note that the agenda on this day may be subject to change depending on the results of the first day.


Becoming a Sponsor

W3C Workshops, meetups, and other events bring you into direct contact with leading Web technology experts: representatives from industry, research, government, and the developer community.

Whether your interests are focused on a particular topic being discussed by a Working Group, or you wish to reach a diverse international audience setting W3C's strategic direction, sponsorship helps your organization reach W3C's engaged participants.

Sponsorships offset a portion of our meeting costs, so W3C welcomes multiple sponsors for each event. All proposals for sponsorship are subject to W3C approval.

If you're interested in being a sponsor of the W3C Next Steps for Web Cryptography Workshop, please contact J. Alan Bird at abird@w3.org or +1 617 253 7823.

For additional information, please visit the Sponsorship program.