Revision as of 09:59, 2 May 2014

Welcome to the wiki of the W3C Web Security related activities.

This wiki is providing you with - an entry point to each group wiki - a reference to the important on-going deliverables, gathering efforts of security contributors in W3C

Entry point to W3C security related wikis

Other important activities are happening on other groups and that may impact the web (security) model

W3C deliverables to monitor

Some working draft are currently discussed in those different groups and should require your review and comments :

User Interface Security Directives for Content Security Policy at Last Call stage
Web Crypto API at Last Call stage
Content Security Policy 1.1 at WD draft
Subresource Integrity at FPWD stage

How to contribute ?

You want to be part of this effort related to improving standards and implementations to advance the security of the Web?

join the WG or IG
contribute to this wiki

This wiki is open for contributions by all with a W3C account. For general discussions, please refer to the public-web-security mailing list.

request a Member account (use if you work for a W3C member company)
request a Public account (use otherwise)
password mailback

Related Groups to Liaise With

IETF WebSec Working Group
OWASP ?

Note : you can access the old version of that wiki [1]

@@ Line 50: / Line 50: @@
 Note : you can access the old version of that wiki [https://www.w3.org/Security/wiki/old2014]
-// old version of the page //
-==Specs to review, groups to watch==
-Most wiki activity is now taking place in the [https://www.w3.org/Security/wiki/IG Web Security Interest Group].
-===Specs===
-Wiki pages containing information about these specifications:
-* [[Content Security Policy]] ([http://www.w3.org/2011/webappsec/ webappsec]); use the [http://lists.w3.org/Archives/Public/public-web-security/ public-webappsec@w3.org] mailing list for discussion.
-* [[XMLHttpRequest]] (webapps)
-* [[CORS|CORS and Uniform Messaging Policy]] ([http://www.w3.org/2011/webappsec/ webappsec]); use the [http://lists.w3.org/Archives/Public/public-web-security/ public-webappsec@w3.org] mail list for related discussions
-* [[HTML5]] (html)
-* [[Websockets]] (webapps)
-* [[Anti-Clickjacking Requirements]] ([http://www.w3.org/2011/webappsec/ webappsec]); use the [http://lists.w3.org/Archives/Public/public-web-security/ public-webappsec@w3.org] mailing list for discussion.
-===Groups===
-* [http://www.w3.org/2012/webcrypto/ WebCrypto WG]
-* [http://www.w3.org/2011/webappsec/ WebAppSec WG]
-* [http://www.w3.org/2008/webapps Webapps]
-* [http://www.w3.org/html/wg HTML WG]
-* [http://www.w3.org/2009/dap Device APIs]
-* [http://www.w3.org/2008/xmlsec XML Security WG]
-===Related Groups to Liaise With===
-* [http://www.ietf.org/ IETF] [http://datatracker.ietf.org/wg/websec/charter/ WebSec Working Group]
-== Ongoing issues ==
-* [[Trusted User Interface]]
-* [[Same Origin Policy]] and [http://tools.ietf.org/html/draft-ietf-websec-origin Same Origin Policy] by Adam Barth
-* [[Cross Site Attacks]]
-* [[Comparison of CORS and UMP]] (Work in progress)
-Perhaps this wiki would be handy for thinking thru some security patterns the TAG is discussing under [http://www.w3.org/2001/tag/group/track/issues/31 ISSUE-31 (metadatainURI-31)]...
-* [[Ungessable URI]], [[Web Key]], [[Email Confirmation]]
-* [[Passwords In The Clear]] (maybe not worth bothering; the finding is done, I think)
-== Meetings ==
-* [http://esw.w3.org/topic/TPAC_Security_BOF TPAC 2009 security BOF]