index.html
5.86 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>W3C Security Activity</title>
<meta name="generator" content="amaya 9.52, see http://www.w3.org/Amaya/" />
<link href="../StyleSheets/base.css" rel="stylesheet" type="text/css" />
<link href="../2006/WSC/style.css" rel="stylesheet" type="text/css" />
<link href="../StyleSheets/public.css" rel="stylesheet" type="text/css" />
</head>
<body>
<p><a href="../"><img src="http://www.w3.org/Icons/WWW/w3c_home" alt="W3C" /></a>
<a href="../TandS/"><img src="../Icons/tands.gif"
alt="Technology and Society Domain" width="212" height="48" /></a></p>
<p>See also: <a href="Activity">Security Activity Statement</a></p>
<h1>W3C Security Home</h1>
<p>Security online is a vast field that is being worked on by a number of
organizations, including W3C. Mapping the entire field would be a huge
endeavor; hence, this page focuses on work that W3C is involved in.</p>
<p>The traditional <a href="security-resource">W3C Security Resources page</a>
is no longer maintained, but remains online for archival purposes.</p>
<p>The <a href="wiki">Web Security Wiki</a> serves as a place for interestd parties in the Web
security community to collect information about security aspects of specifications and
implementations of Web technologies.</p>
<h2 id="webappsec">Upcoming: Web Application Security</h2>
<p>The W3C Advisory Committee is currently reviewing <a href="/2011/07/security-activity.html">a
proposal</a> to charter a <a href="/2011/07/appsecwg-charter.html">Web Application Security
Working Group</a> and a <a href="/2011/07/security-ig-charter.html">Web Security Interest
Group.</a></p>
<p>Both groups focus on security for complex Web Applications in general: The Interest Group picks
up on the existing <a
href="http://lists.w3.org/Archives/Public/public-web-security">public-web-security</a> mailing list,
and provides a formal framework for it. The Web Application Security Working Group is intended to
take up work on the <a
href="https://dvcs.w3.org/hg/content-security-policy/raw-file/bcf1c45f312f/csp-unofficial-draft-20110303.html">informal
work on the Content Security Policy</a> specification and related work, and to lead the Cross-Origin
Resource Sharing specification to Recommendation.</p>
<p>The goal of this work is to enable secure mash-ups, and to create a more robust Web security
environment around light-weight policy expression that meshes with HTML5's built-in security policies.</p>
<h2 id="xmlsigetc">XML Security Specifications: Signature, Encryption, and
Key Management</h2>
<p class="firstitem">The <a href="http://www.w3.org/Signature/"
class="charterlink">XML Signature Working Group</a> was a successful joint
effort of W3C and IETF to develop an XML compliant syntax used for
representing the signature of Web resources and portions of protocol
messages, and procedures for computing and verifying such signatures. The
Working Group has concluded successfully. Its <a
href="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/">mailing list</a>
continues to operate.</p>
<p>Its deliverables included the <a
href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315">Canonical XML 1.0</a>
("C14N")specification which was subsequently found incompatible with <a
href="http://www.w3.org/TR/2005/REC-xml-id-20050909/">xml:id version 1.0</a>
and <a href="http://www.w3.org/TR/2001/REC-xmlbase-20010627/">XML Base</a>.
The <a href="http://www.w3.org/XML/Core/" class="charterlink">XML Core
Working Group</a> (part of the <a href="../XML/">XML Activity</a>) has
published <a href="http://www.w3.org/TR/xml-c14n11">Canonical XML 1.1</a> as
a Proposed Recommendation which is currently under Advisory Committee
Review.</p>
<p>For a more detailed discussion see <a
href="http://www.w3.org/TR/C14N-issues/">Known Issues with Canonical XML
1.0</a>. A proposal for propagating these changes to <a
href="http://www.w3.org/TR/xmldsig-core/">XML Signature Syntax and
Processing</a> is outlined in <a
href="http://www.w3.org/TR/DSig-usage/">Using XML Digital Signatures in the
2006 XML Environment</a>.</p>
<p>The <a href="http://www.w3.org/Encryption/2001/" class="charterlink">XML
Encryption Working Group</a> was a successful effort to develop a process for
encrypting/decrypting digital content (including XML documents and portions
thereof) and an XML syntax used to represent the (1) encrypted content and
(2) information that enables an intended recipient to decrypt it.</p>
<p>The <a href="http://www.w3.org/2001/XKMS/" class="charterlink">XML Key
Management Working Group</a> developed a specification of XML
application/protocol that allows a simple client to obtain key information
(values, certificates, management or trust data) from a web service. The
Working Group concluded successfully.</p>
<p>The <a href="../2008/xmlsec/" class="charterlink">XML Security Working Group</a> is chartered to
take next steps with the XML Security specifications, based on the results from the September 2007
<a href="http://www.w3.org/2007/xmlsec/ws/report">Workshop on Next Steps for the XML Security
Specifications</a> (<a href="http://www.w3.org/2007/xmlsec/ws/report">report</a>).</p>
<h2>Device APIs</h2>
<p>While not formally part of the Security Activity, the <a href="/2009/dap/">Device APIs and
Policy</a> Working Group is chartered to specify a set of APIs for web applications and widgets that
grant these applications access to security and privacy sensitive information and services. The
group will also consider appropriate security frameworks and policies.</p>
<address>
<a href="mailto:tlr@w3.org">Thomas Roessler</a>, Security Activity Lead<br
/>
$Id: Overview.html,v 1.30 2011/07/13 16:25:11 roessler Exp $
</address>
</body>
</html>