Latest revision as of 09:34, 24 September 2015

Welcome to the wiki of the W3C Web Security related activities.

This wiki is providing you with

an entry point to each group wiki
a reference to the important on-going deliverables, gathering efforts of security contributors in W3C

Entry point to W3C security related wikis

Other important activities are happening on other groups and that may impact the web (security) model

W3C deliverables to monitor

Some working draft are currently discussed in those different groups and should require your review and comments :

User Interface Security Directives for Content Security Policy at Last Call stage
Web Crypto API at Last Call stage
Content Security Policy 1.1 at WD draft
Subresource Integrity at FPWD stage

How to contribute ?

You want to be part of this effort related to improving standards and implementations to advance the security of the Web?

join the WG or IG
contribute to this wiki

This wiki is open for contributions by all with a W3C account. For general discussions, please refer to the public-web-security mailing list.

request a Member account (use if you work for a W3C member company)
request a Public account (use otherwise)
password mailback

Activities

[Draft Report of WebCrypto Workshop]

Related Groups to Liaise With

IETF WebSec Working Group
OWASP ?

Note : you can access the old version of that wiki [1]

@@ Line 2: / Line 2: @@
 This wiki is providing you with
-- an entry point to each group wiki
-- a reference to the important on-going deliverables, gathering efforts of security contributors in W3C
+* an entry point to each group wiki
+* a reference to the important on-going deliverables, gathering efforts of security contributors in W3C
 = Entry point to W3C security related wikis =
+* [http://www.w3.org/2011/webappsec/ WebAppSec WG]
 * [http://www.w3.org/2012/webcrypto/ WebCrypto WG]
-* [http://www.w3.org/2011/webappsec/ WebAppSec WG]
+* [http://www.w3.org/2008/xmlsec XML Security WG] (limited activity)
-* [http://www.w3.org/2008/xmlsec XML Security WG]
 * [http://www.w3.org/Security/wiki/IG Web Security Interest Group]
-Other important activities are happening on other groups and that may impact the web security model
+Other important activities are happening on other groups and that may impact the web (security) model
 * [http://www.w3.org/html/wg HTML WG]
 * [http://www.w3.org/2009/dap Device APIs]
+* [http://www.w3.org/2012/sysapps/ SysApp WG]
 * [http://www.w3.org/2008/webapps Webapps WG]
 * [http://www.w3.org/2011/04/webrtc/ Web Real-Time Communications WG]
@@ Line 21: / Line 24: @@
 = W3C deliverables to monitor =
 Some working draft are currently discussed in those different groups and should require your review and comments :
-* [http://www.w3.org/TR/CSP11/ CORS 1.1] as a WD
+* [http://www.w3.org/TR/UISecurity/ User Interface Security Directives for Content Security Policy] at Last Call stage
 * [http://www.w3.org/TR/WebCryptoAPI/ Web Crypto API] at Last Call stage
-* [http://www.w3.org/TR/UISecurity/ http://www.w3.org/TR/UISecurity/] at Last Call stage
+* [http://www.w3.org/TR/CSP11/ Content Security Policy 1.1] at WD draft
+* [http://www.w3.org/TR/SRI/ Subresource Integrity] at FPWD stage
 = How to contribute ? =
@@ Line 39: / Line 45: @@
 * [http://www.w3.org/Help/Account/MailPassword/ password mailback]
-= old version of that wiki =
+= Activities =
-// old version of the page //
-==Specs to review, groups to watch==
-Most wiki activity is now taking place in the [https://www.w3.org/Security/wiki/IG Web Security Interest Group].
-===Specs===
-Wiki pages containing information about these specifications:
-* [[Content Security Policy]] ([http://www.w3.org/2011/webappsec/ webappsec]); use the [http://lists.w3.org/Archives/Public/public-web-security/ public-webappsec@w3.org] mailing list for discussion.
-* [[XMLHttpRequest]] (webapps)
-* [[CORS|CORS and Uniform Messaging Policy]] ([http://www.w3.org/2011/webappsec/ webappsec]); use the [http://lists.w3.org/Archives/Public/public-web-security/ public-webappsec@w3.org] mail list for related discussions
-* [[HTML5]] (html)
-* [[Websockets]] (webapps)
-* [[Anti-Clickjacking Requirements]] ([http://www.w3.org/2011/webappsec/ webappsec]); use the [http://lists.w3.org/Archives/Public/public-web-security/ public-webappsec@w3.org] mailing list for discussion.
-===Groups===
-* [http://www.w3.org/2012/webcrypto/ WebCrypto WG]
-* [http://www.w3.org/2011/webappsec/ WebAppSec WG]
-* [http://www.w3.org/2008/webapps Webapps]
-* [http://www.w3.org/html/wg HTML WG]
-* [http://www.w3.org/2009/dap Device APIs]
-* [http://www.w3.org/2008/xmlsec XML Security WG]
-===Related Groups to Liaise With===
+* [Draft Report of WebCrypto Workshop]
+= Related Groups to Liaise With =
 * [http://www.ietf.org/ IETF] [http://datatracker.ietf.org/wg/websec/charter/ WebSec Working Group]
+* OWASP ?
-== Ongoing issues ==
+Note : you can access the old version of that wiki [https://www.w3.org/Security/wiki/old2014]
-* [[Trusted User Interface]]
-* [[Same Origin Policy]] and [http://tools.ietf.org/html/draft-ietf-websec-origin Same Origin Policy] by Adam Barth
-* [[Cross Site Attacks]]
-* [[Comparison of CORS and UMP]] (Work in progress)
-Perhaps this wiki would be handy for thinking thru some security patterns the TAG is discussing under [http://www.w3.org/2001/tag/group/track/issues/31 ISSUE-31 (metadatainURI-31)]...
-* [[Ungessable URI]], [[Web Key]], [[Email Confirmation]]
-* [[Passwords In The Clear]] (maybe not worth bothering; the finding is done, I think)
-== Meetings ==
-* [http://esw.w3.org/topic/TPAC_Security_BOF TPAC 2009 security BOF]