Welcome to the wiki of the W3C Web Security related activities.

This wiki is providing you with - an entry point to each group wiki - a reference to the important on-going deliverables, gathering efforts of security contributors in W3C

Entry point to each security related wiki

W3C deliverables to monitor

How to contribute ?

You want to be part of this effort related to improving standards and implementations to advance the security of the Web?

• join the WG or IG
• contribute to this wiki

This wiki is open for contributions by all with a W3C account. For general discussions, please refer to the public-web-security mailing list.

• request a Member account (use if you work for a W3C member company)
• request a Public account (use otherwise)
• password mailback

// old version of the page //

Specs to review, groups to watch

Most wiki activity is now taking place in the Web Security Interest Group.

Specs

Wiki pages containing information about these specifications:

• Content Security Policy (webappsec); use the public-webappsec@w3.org mailing list for discussion.
• XMLHttpRequest (webapps)
• CORS and Uniform Messaging Policy (webappsec); use the public-webappsec@w3.org mail list for related discussions
• HTML5 (html)
• Websockets (webapps)
• Anti-Clickjacking Requirements (webappsec); use the public-webappsec@w3.org mailing list for discussion.

Groups

• WebCrypto WG
• WebAppSec WG
• Webapps
• HTML WG
• Device APIs
• XML Security WG

Related Groups to Liaise With

• IETF WebSec Working Group

Ongoing issues

• Trusted User Interface
• Same Origin Policy and Same Origin Policy by Adam Barth
• Cross Site Attacks
• Comparison of CORS and UMP (Work in progress)

Perhaps this wiki would be handy for thinking thru some security patterns the TAG is discussing under ISSUE-31 (metadatainURI-31)...

• Ungessable URI, Web Key, Email Confirmation
• Passwords In The Clear (maybe not worth bothering; the finding is done, I think)

Meetings

• TPAC 2009 security BOF