<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <meta name="viewport" content="width=device-width,initial-scale=1.0">
  <link rel="stylesheet" href="http://www.w3.org/2011/webappsec/style.css"
  type="text/css" media="all">
  <style type="text/css" media="screen and (max-width:800px)">
 
    body { margin:0;}
  </style>
  <link rel="stylesheet" href="http://www.w3.org/2011/webappsec/print.css"
  type="text/css" media="print">
  <style type="text/css" media="screen">
    dl.items {margin: 1em 2em;}
    dl.items dt {margin: 1.5em 0 0 1em;}
    dl.items dt a {font-weight: bold;}
    dl.items dd {margin: 0.5em 0 0 1em;}
    acronym { border-bottom: black dashed 1px }
    div#navigation li.current { color: white; font-weight: bold; }
    input[type="text"] { border: 1px solid black }
    /* From http://www.w3.org/2006/02/charter-style.css */
    td.meeting { background: #FFE }
    td.WD1 { background: #FED }
    td.LC { background: #FCB }
    td.CR { background: #FA9 }
    td.PR { background: #F87 }
    td.REC { background: #F60 }
   
    /* From http://www.w3.org/2008/01/media-fragments-wg.html */
    table.roadmap, tr.roadmap, th.roadmap, td.roadmap { border: 1px solid black; }
    th.roadmap, td.roadmap { padding: 5px 1em; }
    th.roadmap {
         background : #005a9c;
         color : #fff;
    }
  </style>
  <title>Web Application Security Working Group</title>
</head>

<body>

<div id="header">
<span class="logo"><a href="/"><img src="/Icons/WWW/w3c_home_nb" alt="W3C"
height="48" width="72"></a></span> </div>

<div id="page">
<h1>Web Application Security Working Group</h1>
</div>

<h2 id="mission">Mission</h2>

<p>As stated in its <a
href="http://www.w3.org/2011/08/appsecwg-charter.html">charter</a>, the mission
of the Web Application Security Working Group is to develop security and policy
mechanisms to improve the security of Web Applications, and enable secure
cross-site communication.</p>


<div style="margin: 2em 0 0 1em; clear:both;">

<table
summary="This table has six rows. The right column is the milestone for a date on the left."
style="margin: 0 0 0 1em; font-size: .9em; text-align:left;">
  <thead>
    <tr>
      <th rowspan="1" colspan="2" style="text-align:center;"><strong>Past and
        Upcoming Events</strong></th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td rowspan="1" colspan="2">Weekly teleconference: <a
        href="#telecon">every other Tuesday, 22:00-23:00 UTC (14:00-15:00
        PST)</a> 

        <p>Next call: 2011-01-17</p>
      </td>
    </tr>
    <tr>
      <td class="date" rowspan="1" colspan="1">2011-12-19</td>
      <td rowspan="1" colspan="1">Call for Consensus to advance CORS to Last
        Call <a
        href="http://lists.w3.org/Archives/Public/public-webappsec/2011Dec/0027.html">issued</a>.
      </td>
    </tr>
    <tr>
      <td class="date" rowspan="1" colspan="1">2011-12-1</td>
      <td rowspan="1" colspan="1">Call for Exclusions for Content Security
        Policy <a
        href="http://lists.w3.org/Archives/Public/public-webappsec/2011Dec/0000.html">issued</a>.
        Deadline 27 April 2012</td>
    </tr>
    <tr>
      <td class="date" rowspan="1" colspan="1">2011-11-29</td>
      <td rowspan="1" colspan="1">First Public Working Draft of <a
        href="http://www.w3.org/TR/2011/WD-CSP-20111129/">Content Security
        Policy</a> published</td>
    </tr>
  </tbody>
</table>
</div>

<h5>Also on this page → <a href="#deliverables">Publication Status</a> | <a
href="#resources">WG Resources</a> | <a href="#charter">Charter and History</a>
| <a href="#group">Participants</a> </h5>

<h2 class="break" id="deliverables">Publication Status</h2>

<table border="1" style="width: 100%">
  <caption>API Specifications and Non-Normative Documents</caption>
  <col>
  <col>
  <col>
  <col>
  <col>
  <col>
  <tbody>
    <tr>
      <td><strong>Name of Spec </strong> 

        <p><strong>(Editor's Draft)</strong></p>
      </td>
      <td><strong>Last Publication</strong></td>
      <td><strong>Type</strong></td>
      <td><strong>Remarks</strong></td>
      <td><strong>Testing</strong></td>
      <td><strong>Plans</strong></td>
    </tr>
    <tr>
      <td><a href="http://www.w3.org/TR/CSP/">Content Security Policy</a></td>
      <td>29-Nov-2011</td>
      <td>WD</td>
      <td>Editors: Brandon Sterne and Adam Barth</td>
      <td></td>
      <td></td>
    </tr>
    <tr>
      <td><a href="http://www.w3.org/TR/cors/">Cross-Origin Resource
      Sharing</a></td>
      <td>27-July-2010</td>
      <td>WD</td>
      <td>Editor: Anne van Kesteren</td>
      <td>Test Coordinator: Gopal Raghavan</td>
      <td>CfC to go to LCWD issued 19-Dec-2011</td>
    </tr>
    <tr>
      <td><a href="http://dev.w3.org/2006/waf/UMP/">Uniform Messaging Policy,
        Level One</a></td>
      <td>15-June-2010</td>
      <td>Input document</td>
      <td>Editors: Tyler Close and Mark Miller </td>
      <td></td>
      <td>Not on recommendation track at this time.</td>
    </tr>
    <tr>
      <td><a
        href="http://www.w3.org/2001/tag/2011/02/security-web.html">Security on
        the Web</a></td>
      <td>4-Feb-2011</td>
      <td>Input document</td>
      <td>summary by J. Kemp for the TAG - this document is not a TAG
      Finding</td>
      <td></td>
      <td></td>
    </tr>
  </tbody>
</table>
<!-- 
<h3>Updated Schedule</h3>

<table class="roadmap">
<tbody>
<tr>
<th class="roadmap" rowspan="1" colspan="1">Specification</th>
<th class="roadmap" rowspan="1" colspan="1"><acronym
title="First Working Draft">FPWD</acronym></th>
<th class="roadmap" rowspan="1" colspan="1"><acronym
title="Last Call Working Draft">LC</acronym></th>
<th class="roadmap" rowspan="1" colspan="1"><acronym
title="Candidate Recommendation">CR</acronym></th>
<th class="roadmap" rowspan="1" colspan="1"><acronym
title="Proposed Recommendation">PR</acronym></th>
<th class="roadmap" rowspan="1" colspan="1"><acronym
title="Recommendation">Rec</acronym></th>
</tr>
<tr>
<th class="roadmap" rowspan="1" colspan="1">xxxx</th>
<td class="WD1" rowspan="1" colspan="1">-</td>
<td class="LC" rowspan="1" colspan="1">-</td>
<td class="CR" rowspan="1" colspan="1">-</td>
<td class="PR" rowspan="1" colspan="1">-</td>
<td class="REC" rowspan="1" colspan="1">-</td>
</tr>
</tbody>
</table>
-->

<h2 id="resources">Working Group Resources</h2>

<h3 id="work_mode">Work Mode</h3>

<p>The general practices of this WG are documented on our <a
href="WorkMode.html">Work Mode Page</a>.</p>

<h3 id="minutes">Meeting Minutes</h3>

<p>DRAFT: Call of 20 Dec 2011: <a
href="http://www.w3.org/2011/webappsec/draft-minutes/20-webappsec-minutes.html">http://www.w3.org/2011/webappsec/draft-minutes/20-webappsec-minutes.html</a></p>

<p>Call of 06 Dec 2011: <a
href="http://www.w3.org/2011/12/06-webappsec-minutes.html">http://www.w3.org/2011/12/06-webappsec-minutes.html</a>
</p>

<p>Call of 22 Nov 2011: <a
href="http://www.w3.org/2011/11/01-webappsec-minutes.html">http://www.w3.org/2011/11/01-webappsec-minutes.html</a></p>

<p>TPAC 2011, Day 1: <a
href="http://www.w3.org/2011/10/31-webappsec-minutes.html">http://www.w3.org/2011/10/31-webappsec-minutes.html</a></p>

<p>TPAC 2011, Day 2: <a
href="http://www.w3.org/2011/11/01-webappsec-minutes.html">http://www.w3.org/2011/11/01-webappsec-minutes.html</a></p>

<h3 id="tracking">Actions/Issues tracking</h3>

<p>See the Working Group's <a
href="http://www.w3.org/2011/webappsec/track/">tracker instance</a> (Tracker's
<a href="http://www.w3.org/2005/06/tracker/">documentation</a>).</p>

<p>The WG's Bugzilla instance is at: <a
href="http://www.w3.org/Bugs/Public/describecomponents.cgi?product=WebAppsSec">http://www.w3.org/Bugs/Public/describecomponents.cgi?product=WebAppsSec</a>
</p>

<h3 id="telecon">Telecon Resources</h3>

<p>Weekly teleconference: every other Tuesday, <a
href="http://www.timeanddate.com/worldclock/fixedtime.html?hour=22&amp;min=0&amp;sec=0&amp;p1=0">22:00-23:00
UTC</a> (14:00-15:00 PST)</p>

<p>The number for all calls on W3C Zakim bridge is +1.617.761.6200 then enter
conference passcode 92794 ('WASWG'). If you can't get into the bridge, dial *0
to speak to the operator — they can manually connect you. Zakim allows
participants to mute themselves by pressing 61# ("M" for mute, then "1" for on)
and unmute themselves with 60#.<br>
</p>

<p>It is possible to participate in meetings by telephone alone but
participants' interaction is substantially improved by also joining the <a
href="irc://irc.w3.org:6665/webappsec">#webappsec irc channel</a> or using the
<a href="http://www.w3.org/2001/01/cgi-irc">IRC Web interface</a> (see also the
<a href="http://www.w3.org/Project/IRC/">comprehensive help for IRC</a>). The
group makes use of the following agents: <a
href="http://www.w3.org/2001/12/zakim-irc-bot.html">zakim</a>, <a
href="http://www.w3.org/2002/03/RRSAgent">rrsagent</a>, and <a
href="http://www.w3.org/2005/06/tracker/">tracker</a>. </p>

<h3 id="list">Mailing list</h3>

<p>Technical discussion takes place on the Working Group discussion list,
public-webappsec@w3.org (<a
href="http://lists.w3.org/Archives/Public/public-webappsec/">archive</a>). This
is a public mailing list; to <a
href="mailto:public-webappsec-request@w3.org?subject=subscribe">subscribe to
the public-webappsec mailing list</a>, please check the <a
href="http://www.w3.org/Mail/Request">subscription procedure</a>.</p>

<form method="get" action="http://www.w3.org/Search/Mail/Public/search">
  <p>Search the archive <input name="type-index" value="public-webappsec"
  type="hidden"> <input name="index-type" value="t" type="hidden"> <input
  size="42" name="keywords" maxlength="100" value="" type="text"> 
  <input value="Search" name="search" type="submit"> <a
  href="http://www.w3.org/2002/02/mail-search-help" class="search">help</a> </p>
</form>

<h3 id="wiki">Wiki</h3>

<p>Proposals, experiments, etc. related to this WG's deliverables can be
discussed on the W3C Web Security Wiki at <a
href="http://www.w3.org/Security/wiki/Main_Page">http://www.w3.org/Security/wiki/Main_Page</a></p>

<p>The WG will begin work on Content Security Policy 1.1 concurrently with
moving 1.0 on the Recommendation track. Suggestions for features in 1.1 should
go to the wiki at: <a
href="http://www.w3.org/Security/wiki/Content_Security_Policy">http://www.w3.org/Security/wiki/Content_Security_Policy</a>.
Experimental implementations to accompany such suggestions are highly
encouraged. A brainstorm list of proposed directives is also available at <a
href="https://wiki.mozilla.org/Security/CSP/Strawman">https://wiki.mozilla.org/Security/CSP/Strawman</a></p>

<h3>Editors' Resources</h3>
<ul>
  <li><a
    href="http://lists.w3.org/Archives/Public/public-swd-wg/2006Nov/0015.html">W3C
    Tech Report editor's materials</a></li>
</ul>

<h3>General/Process Resources</h3>
<ul>
  <li><a href="http://www.w3.org/2005/10/Process-20051014/">World Wide Web
    Consortium Process Document</a> <small>14 October 2005</small></li>
  <li><a href="http://www.w3.org/Guide/">Art of Consensus Guide</a> <small>W3C
    member confidential</small></li>
  <li><a href="http://www.w3.org/Member/Mail/Overview.html">W3C Groups</a>, <a
    href="http://www.w3.org/2000/09/dbwg/details?group=49309">Participants</a>
    <small>W3C member confidential</small></li>
</ul>

<h3>Patent Disclosures</h3>

<p>W3C maintains a <a rel="disclosure"
href="http://www.w3.org/2004/01/pp-impl/49309/status">public list of any patent
disclosures</a> made in connection with the deliverables of the group; that
page also includes instructions for disclosing a patent.</p>

<h2 class="break" id="charter">Charter and History</h2>

<p>The WebAppSec Working Group operates under its initial <a
href="http://www.w3.org/2011/08/appsecwg-charter.html">charter</a>.</p>

<h2 id="group">Working Group Participants</h2>

<p>See: <a href="http://www.w3.org/2000/09/dbwg/details?group=49309">DBWG</a>
and <a href="http://www.w3.org/2004/01/pp-impl/49309/status">IPP</a> </p>

<div id="footer">
<address>
  Eric K Rescorla and Brad Hill, Chairs<br>
  Thomas Roessler, W3C Team contact<br>
  <small>$Date: 2012/01/11 22:05:28 $</small> 
</address>
</div>
<!-- footer end -->
</body>
</html>