Security Interest Group Plenary Call
- Upcoming
- Confirmed
Meeting
Security Interest Group Plenary call for task assignments.
Agenda
- Administrivia
- Scribe volunteer(s) or Zoom AI?
- Reminders:
- Participants Introduction (2 minutes roundtable)
- Next meetings
- 12 May 2026
- 26 May 2026
- Security Topics
- WebMCP: Threat Modeling Approach
- Issue: webmachinelearning/webmcp#154
- Security and privacy considerations: Security and Privacy Considerations for WebMCP
- What are we working on: Readme file
We should discuss how to work with them: (a) filing issues, or (b) reverse-engineering the implicit threat model from the current security and privacy considerations. A possible outcome is a hybrid approach: file a small number of clear security issues if something arises, while recommending a compact threat-modeling note to guide the broader review.
- Security Reviews
- Devices and Sensors WG 2026 Charter review
- Issue: w3c/strategy#530
- Draft charter: [DRAFT] Devices and Sensors Working Group Charter
- Background reading: Peripheral Instinct: How External Devices Breach Browser Sandboxes
The proposed Devices and Sensors WG charter should be reviewed with particular attention to APIs that expose device capabilities or persistent device state. The Peripheral Instinct paper has a useful analysis: low-level web access to peripherals can shift the trust boundary from a trusted host operating system to a potentially malicious web origin, with effects that may survive the browser session and cross the ordinary browser sandbox boundary. Should we require a threat model during chartering to understand whether the residual threats are acceptable?
- Reviews that need volunteer(s):
- Community / coordination
- Threat Modeling Sessions: We have DID and RDF, maybe adding a session for us to work on WebMCP?