<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<link rel="stylesheet" href="http://www.w3.org/2011/webappsec/style.css"
type="text/css" media="all">
<style type="text/css" media="screen and (max-width:800px)">
body { margin:0;}
</style>
<link rel="stylesheet" href="http://www.w3.org/2011/webappsec/print.css"
type="text/css" media="print">
<style type="text/css" media="screen">
dl.items {margin: 1em 2em;}
dl.items dt {margin: 1.5em 0 0 1em;}
dl.items dt a {font-weight: bold;}
dl.items dd {margin: 0.5em 0 0 1em;}
acronym { border-bottom: black dashed 1px }
div#navigation li.current { color: white; font-weight: bold; }
input[type="text"] { border: 1px solid black }
/* From http://www.w3.org/2006/02/charter-style.css */
td.meeting { background: #FFE }
td.WD1 { background: #FED }
td.LC { background: #FCB }
td.CR { background: #FA9 }
td.PR { background: #F87 }
td.REC { background: #F60 }
/* From http://www.w3.org/2008/01/media-fragments-wg.html */
table.roadmap, tr.roadmap, th.roadmap, td.roadmap { border: 1px solid black; }
th.roadmap, td.roadmap { padding: 5px 1em; }
th.roadmap {
background : #005a9c;
color : #fff;
}
</style>
<title>Web Application Security Working Group</title>
</head>
<body>
<!-- abcd -->
<div id="header">
<span class="logo"><a href="/"><img src="/Icons/WWW/w3c_home_nb" alt="W3C"
height="48" width="72"></a></span> </div>
<div id="page">
<h1>Web Application Security Working Group</h1>
</div>
<h2 id="mission">Mission</h2>
<p>As stated in its <a
href="http://www.w3.org/2011/08/appsecwg-charter.html">charter</a>, the mission
of the Web Application Security Working Group is to develop security and policy
mechanisms to improve the security of Web Applications, and enable secure
cross-site communication.</p>
<p></p>
<p></p>
<div style="margin: 2em 0 0 1em; clear:both;">
<table
summary="This table has six rows. The right column is the milestone for a date on the left."
style="margin: 0 0 0 1em; font-size: .9em; text-align:left;">
<thead>
<tr>
<th rowspan="1" colspan="2" style="text-align:center;"><strong>Past and
Upcoming Events</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td rowspan="1" colspan="2">Weekly teleconference: <a
href="#telecon">every other Tuesday, 22:00-23:00 UTC (14:00-15:00
PST)</a>
<p>Next call: 2011-01-17</p>
</td>
</tr>
<tr>
<td class="date" rowspan="1" colspan="1">2011-12-19</td>
<td rowspan="1" colspan="1">Call for Consensus to advance CORS to Last
Call <a
href="http://lists.w3.org/Archives/Public/public-webappsec/2011Dec/0027.html">issued</a>.
</td>
</tr>
<tr>
<td class="date" rowspan="1" colspan="1">2011-12-1</td>
<td rowspan="1" colspan="1">Call for Exclusions for Content Security
Policy <a
href="http://lists.w3.org/Archives/Public/public-webappsec/2011Dec/0000.html">issued</a>.
Deadline 27 April 2012</td>
</tr>
<tr>
<td class="date" rowspan="1" colspan="1">2011-11-29</td>
<td rowspan="1" colspan="1">First Public Working Draft of <a
href="http://www.w3.org/TR/2011/WD-CSP-20111129/">Content Security
Policy</a> published</td>
</tr>
</tbody>
</table>
</div>
<h5>Also on this page → <a href="#deliverables">Publication Status</a> | <a
href="#resources">WG Resources</a> | <a href="#charter">Charter and History</a>
| <a href="#group">Participants</a> </h5>
<h2 class="break" id="deliverables">Publication Status</h2>
<table border="1" style="width: 100%">
<caption>API Specifications and Non-Normative Documents</caption>
<col>
<col>
<col>
<col>
<col>
<col>
<tbody>
<tr>
<td><strong>Name of Spec </strong>
<p><strong>(Editor's Draft)</strong></p>
</td>
<td><strong>Last Publication</strong></td>
<td><strong>Type</strong></td>
<td><strong>Remarks</strong></td>
<td><strong>Testing</strong></td>
<td><strong>Plans</strong></td>
</tr>
<tr>
<td><a href="http://www.w3.org/TR/CSP/">Content Security Policy</a></td>
<td>29-Nov-2011</td>
<td>WD</td>
<td>Editors: Brandon Sterne and Adam Barth</td>
<td></td>
<td></td>
</tr>
<tr>
<td><a href="http://www.w3.org/TR/cors/">Cross-Origin Resource
Sharing</a></td>
<td>27-July-2010</td>
<td>WD</td>
<td>Editor: Anne van Kesteren</td>
<td>Test Coordinator: Gopal Raghavan</td>
<td>CfC to go to LCWD issued 19-Dec-2011</td>
</tr>
<tr>
<td><a href="http://dev.w3.org/2006/waf/UMP/">Uniform Messaging Policy,
Level One</a></td>
<td>15-June-2010</td>
<td>Input document</td>
<td>Editors: Tyler Close and Mark Miller </td>
<td></td>
<td>Not on recommendation track at this time.</td>
</tr>
<tr>
<td><a
href="http://www.w3.org/2001/tag/2011/02/security-web.html">Security on
the Web</a></td>
<td>4-Feb-2011</td>
<td>Input document</td>
<td>summary by J. Kemp for the TAG - this document is not a TAG
Finding</td>
<td></td>
<td></td>
</tr>
</tbody>
</table>
<!--
<h3>Updated Schedule</h3>
<table class="roadmap">
<tbody>
<tr>
<th class="roadmap" rowspan="1" colspan="1">Specification</th>
<th class="roadmap" rowspan="1" colspan="1"><acronym
title="First Working Draft">FPWD</acronym></th>
<th class="roadmap" rowspan="1" colspan="1"><acronym
title="Last Call Working Draft">LC</acronym></th>
<th class="roadmap" rowspan="1" colspan="1"><acronym
title="Candidate Recommendation">CR</acronym></th>
<th class="roadmap" rowspan="1" colspan="1"><acronym
title="Proposed Recommendation">PR</acronym></th>
<th class="roadmap" rowspan="1" colspan="1"><acronym
title="Recommendation">Rec</acronym></th>
</tr>
<tr>
<th class="roadmap" rowspan="1" colspan="1">xxxx</th>
<td class="WD1" rowspan="1" colspan="1">-</td>
<td class="LC" rowspan="1" colspan="1">-</td>
<td class="CR" rowspan="1" colspan="1">-</td>
<td class="PR" rowspan="1" colspan="1">-</td>
<td class="REC" rowspan="1" colspan="1">-</td>
</tr>
</tbody>
</table>
-->
<h2 id="resources">Working Group Resources</h2>
<h3 id="work_mode">Work Mode</h3>
<p>The general practices of this WG are documented on our <a
href="WorkMode.html">Work Mode Page</a>.</p>
<h3 id="minutes">Meeting Minutes</h3>
<p>DRAFT: Call of 20 Dec 2011: <a
href="http://www.w3.org/2011/webappsec/draft-minutes/20-webappsec-minutes.html">http://www.w3.org/2011/webappsec/draft-minutes/20-webappsec-minutes.html</a></p>
<p>Call of 06 Dec 2011: <a
href="http://www.w3.org/2011/12/06-webappsec-minutes.html">http://www.w3.org/2011/12/06-webappsec-minutes.html</a>
</p>
<p>Call of 22 Nov 2011: <a
href="http://www.w3.org/2011/11/01-webappsec-minutes.html">http://www.w3.org/2011/11/01-webappsec-minutes.html</a></p>
<p>TPAC 2011, Day 1: <a
href="http://www.w3.org/2011/10/31-webappsec-minutes.html">http://www.w3.org/2011/10/31-webappsec-minutes.html</a></p>
<p>TPAC 2011, Day 2: <a
href="http://www.w3.org/2011/11/01-webappsec-minutes.html">http://www.w3.org/2011/11/01-webappsec-minutes.html</a></p>
<h3 id="tracking">Actions/Issues tracking</h3>
<p>See the Working Group's <a
href="http://www.w3.org/2011/webappsec/track/">tracker instance</a> (Tracker's
<a href="http://www.w3.org/2005/06/tracker/">documentation</a>).</p>
<p>The WG's Bugzilla instance is at: <a
href="http://www.w3.org/Bugs/Public/describecomponents.cgi?product=WebAppsSec">http://www.w3.org/Bugs/Public/describecomponents.cgi?product=WebAppsSec</a>
</p>
<h3 id="telecon">Telecon Resources</h3>
<p>Weekly teleconference: every other Tuesday, <a
href="http://www.timeanddate.com/worldclock/fixedtime.html?hour=22&min=0&sec=0&p1=0">22:00-23:00
UTC</a> (14:00-15:00 PST)</p>
<p>The number for all calls on W3C Zakim bridge is +1.617.761.6200 then enter
conference passcode 92794 ('WASWG'). If you can't get into the bridge, dial *0
to speak to the operator — they can manually connect you. Zakim allows
participants to mute themselves by pressing 61# ("M" for mute, then "1" for on)
and unmute themselves with 60#.<br>
</p>
<p>It is possible to participate in meetings by telephone alone but
participants' interaction is substantially improved by also joining the <a
href="irc://irc.w3.org:6665/webappsec">#webappsec irc channel</a> or using the
<a href="http://www.w3.org/2001/01/cgi-irc">IRC Web interface</a> (see also the
<a href="http://www.w3.org/Project/IRC/">comprehensive help for IRC</a>). The
group makes use of the following agents: <a
href="http://www.w3.org/2001/12/zakim-irc-bot.html">zakim</a>, <a
href="http://www.w3.org/2002/03/RRSAgent">rrsagent</a>, and <a
href="http://www.w3.org/2005/06/tracker/">tracker</a>. </p>
<h3 id="list">Mailing list</h3>
<p>Technical discussion takes place on the Working Group discussion list,
public-webappsec@w3.org (<a
href="http://lists.w3.org/Archives/Public/public-webappsec/">archive</a>). This
is a public mailing list; to <a
href="mailto:public-webappsec-request@w3.org?subject=subscribe">subscribe to
the public-webappsec mailing list</a>, please check the <a
href="http://www.w3.org/Mail/Request">subscription procedure</a>.</p>
<form method="get" action="http://www.w3.org/Search/Mail/Public/search">
<p>Search the archive <input name="type-index" value="public-webappsec"
type="hidden"> <input name="index-type" value="t" type="hidden"> <input
size="42" name="keywords" maxlength="100" value="" type="text">
<input value="Search" name="search" type="submit"> <a
href="http://www.w3.org/2002/02/mail-search-help" class="search">help</a> </p>
</form>
<h3 id="wiki">Wiki</h3>
<p>Proposals, experiments, etc. related to this WG's deliverables can be
discussed on the W3C Web Security Wiki at <a
href="http://www.w3.org/Security/wiki/Main_Page">http://www.w3.org/Security/wiki/Main_Page</a></p>
<p>The WG will begin work on Content Security Policy 1.1 concurrently with
moving 1.0 on the Recommendation track. Suggestions for features in 1.1 should
go to the wiki at: <a
href="http://www.w3.org/Security/wiki/Content_Security_Policy">http://www.w3.org/Security/wiki/Content_Security_Policy</a>.
Experimental implementations to accompany such suggestions are highly
encouraged. A brainstorm list of proposed directives is also available at <a
href="https://wiki.mozilla.org/Security/CSP/Strawman">https://wiki.mozilla.org/Security/CSP/Strawman</a></p>
<h3>Editors' Resources</h3>
<ul>
<li><a
href="http://lists.w3.org/Archives/Public/public-swd-wg/2006Nov/0015.html">W3C
Tech Report editor's materials</a></li>
</ul>
<h3>General/Process Resources</h3>
<ul>
<li><a href="http://www.w3.org/2005/10/Process-20051014/">World Wide Web
Consortium Process Document</a> <small>14 October 2005</small></li>
<li><a href="http://www.w3.org/Guide/">Art of Consensus Guide</a> <small>W3C
member confidential</small></li>
<li><a href="http://www.w3.org/Member/Mail/Overview.html">W3C Groups</a>, <a
href="http://www.w3.org/2000/09/dbwg/details?group=49309">Participants</a>
<small>W3C member confidential</small></li>
</ul>
<h3>Patent Disclosures</h3>
<p>W3C maintains a <a rel="disclosure"
href="http://www.w3.org/2004/01/pp-impl/49309/status">public list of any patent
disclosures</a> made in connection with the deliverables of the group; that
page also includes instructions for disclosing a patent.</p>
<h2 class="break" id="charter">Charter and History</h2>
<p>The WebAppSec Working Group operates under its initial <a
href="http://www.w3.org/2011/08/appsecwg-charter.html">charter</a>.</p>
<h2 id="group">Working Group Participants</h2>
<p>See: <a href="http://www.w3.org/2000/09/dbwg/details?group=49309">DBWG</a>
and <a href="http://www.w3.org/2004/01/pp-impl/49309/status">IPP</a> </p>
<div id="footer">
<address>
Eric K Rescorla and Brad Hill, Chairs<br>
Thomas Roessler, W3C Team contact<br>
<small>$Date: 2012/01/11 22:05:28 $</small>
</address>
</div>
<!-- footer end -->
</body>
</html>