IG/webcryptonext draft charter

From Web Security
< IG
Jump to: navigation, search

Draft Web Crypto Rechartering

Goals

The Web Crypto WG has been created in 2012 and delivered a first version of Web Crypto API allowing web developers to manage basic cryptographic operations in web applications. Based on that first achievement the Working Group received some suggestion for integrating new cryptographic algorithms. Based on those requests, and the expected cryptographic innovations, the Web Crypto WG will then focus on :

  • develop extension to the Web Crypto API describing new algorithms or family algorithms.
  • maintain the web Crypto API, by integrating new features adopted by the open web platform, such as Streams, if becoming mature.

the Web Crypto WG will not adress any new use case others then the ones developed with the first version of the Web Crypto API.

The Web Cryptography Working Group should aim to produce specifications that have wide deployment. The Web Cryptography Working Group should adopt, refine and when needed, extend, existing practices and community-driven draft specifications when possible. The APIs should integrate well with Web Applications and so should be developed in concert with Web Application developers and the Web Application Security and HTML Working Groups. Comprehensive test suites should be developed for the specification to ensure interoperability.

Scope

Features in scope are:

The Working Group will develop the following specifications on the Recommendation Track

  • New curve extension to Web Crypto API (with priority on the IETF recent cryptographic recommendation)
  • Streams integration when becoming stable for the open web platform.

No new use cases will be addressed into that Working Group.

Out of scope: While there were some expression of interest for the management of new services [1], it has been clarified that those would not be addressed into the Web crypto WG. As such the following features will not be discussed in Web Crypto WG

  • accessing to cryptographic and authentication services in smart card and TEE.
  • definition of authentication methods
  • management of certificates

[1] [1]

Success Criteria

In order to advance to Proposed Recommendation, the specification is expected to specify at least all primary API features and expected to have two independent implementations of each API feature defined in the specification.

Deliverables

Recommendation-Track Deliverables

The working group will deliver at least the following:

  • extension of Web Crypto API for new curves [please insert a consensual list]

Other non-normative documents may be delivered:


Milestones

[dates of deliverables on the track recommendation line]