W3C Launches Secure Browsing Initiative
"Security Context" Important Step Toward Fraud Prevention
http://www.w3.org/ -- 17 October 2006 -- Recognizing the challenges people face when browsing the Web, W3C today launched an initiative to build a foundation for a more secure Web. The new Web Security Context Working Group will propose standards that will enable browsers to do a much better job helping people make proper trust decisions.
"When I'm browsing the Web, I want my browser to help me understand who really is the owner of a Web page," said Tim Berners-Lee, W3C Director. "There is much deployed and proven security technology, but we now need to connect it all the way through to the Web user. A Web browser acts on my behalf as I surf the Web, and I need more help from it to avoid being spoofed."
The group's mission is threefold: to build consensus around what information people need from browsers in order to understand their "security context," to find innovative ways to present this information and raise awareness, and to suggest ways to make browsers less susceptible to spoofing of user interfaces that are used to convey critical security information to end users.
Successful Security Workshop Culminates in Focus on Security Context
W3C chartered this new work after a successful Workshop on Usability and Transparency of Web Authentication in March 2006 (see press release). That Workshop paired Google, HP, IBM, KDE, Microsoft, Mozilla, Nokia, Opera, Sun Microsystems, VeriSign, Yahoo! and many other organizations with leaders of the online finance community to learn about real world threats.
The Workshop demonstrated that there is significant interest in the areas of secure interfaces and the data required from content providers to enable those interfaces. W3C therefore anticipates strong participation by browser vendors, security experts, research institutes, financial institutions, and end users in the new group. The group will also coordinate with other organizations that have expertise in this area, including the IETF, OASIS, and Liberty Alliance.
The charter of the Web Security Context Working Group is the result of public discussion and review. Per the charter, the group will continue to conduct its technical work in public and will operate under the W3C Royalty-Free Patent Policy. Mary Ellen Zurko of IBM serves as Chair of the Web Security Context Working Group. The group is part of W3C's Security Activity, led by Thomas Roessler.
About the World Wide Web Consortium [W3C]
The World Wide Web Consortium (W3C) is an international consortium where Member organizations, a full-time staff, and the public work together to develop Web standards. W3C primarily pursues its mission through the creation of Web standards and guidelines designed to ensure long-term growth for the Web. Over 400 organizations are Members of the Consortium. W3C is jointly run by the MIT Computer Science and Artificial Intelligence Laboratory (MIT CSAIL) in the USA, the European Research Consortium for Informatics and Mathematics (ERCIM) headquartered in France, Keio University in Japan, and has additional Offices worldwide. For more information see http://www.w3.org/