forked from w3c/charter-drafts
websec-ig.html
<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset="utf-8" />
<title>Web Security Interest Group Charter</title>
<link rel="stylesheet" href="https://www.w3.org/2005/10/w3cdoc.css" type="text/css" media="screen" />
<link rel="stylesheet" type="text/css" href="https://www.w3.org/Guide/pubrules-style.css" />
<link rel="stylesheet" type="text/css" href="https://www.w3.org/2006/02/charter-style.css" />
<style type="text/css">
ul#navbar {
font-size: small;
}
dt.spec {
font-weight: bold;
}
dt.spec new {
background: yellow;
}
ul.out-of-scope > li {
font-weight: bold;
}
ul.out-of-scope > li > ul > li{
font-weight: normal;
}
.issue {
background: cornsilk;
font-style: italic;
}
.todo {
color: red;
}
footer {
font-size: small;
}
</style>
</head>
<body>
<header id="header">
<aside>
<ul id="navbar">
<li><a href="#scope">Scope</a></li>
<li><a href="#deliverables">Deliverables</a></li>
<li><a href="#coordination">Coordination</a></li>
<li><a href="#participation">Participation</a></li>
<li><a href="#communication">Communication</a></li>
<li><a href="#decisions">Decision Policy</a></li>
<li><a href="#patentpolicy">Patent Disclosures</a></li>
<li><a href="#licensing">Licensing</a></li>
<li><a href="#about">About this Charter</a></li>
</ul>
</aside>
<p>
<a href="https://www.w3.org/"><img alt="W3C" height="48" src="https://www.w3.org/Icons/w3c_home" width="72" /></a>
</p>
</header>
<main>
<h1 id="title">*PROPOSED* Web Security Interest Group Charter</h1>
<p><b>Charter approved 11-1-2017 and updated in-place at <a href="https://www.w3.org/2011/07/security-ig-charter.html">https://www.w3.org/2011/07/security-ig-charter.html</a>.</b></p>
<p class="mission">The <strong>mission</strong> of the <a href="https://www.w3.org/Security/IG/">Web Security Interest Group</a> is to serve as a forum for discussions on improving standards and implementations to advance the security of the Web.</p>
<div class="noprint">
<p class="join"><a href="mailto:[email protected]?subject=subscribe">Join the Web Security Interest Group.</a></p>
</div>
<section id="details">
<table class="summary-table">
<tr id="Duration">
<th>
Start date
</th>
<td>
[when approved]
</td>
</tr>
<tr id="Duration">
<th>
End date
</th>
<td>
1 January 2019
</td>
</tr>
<!--
<tr class="todo">
<th>Charter extension</th>
<td>See <a href="#history">Change History</a>.
</td>
</tr>
-->
<tr>
<th>
Chairs
</th>
<td>
Virginie Galindo, Gemalto; Kepeng Li, Alibaba; Ryan Ware, Intel
</td>
</tr>
<tr>
<th>
Team Contacts
</th>
<td>
Wendy Seltzer (0.05 <abbr title="Full-Time Equivalent">FTE</abbr>) and Samuel Weiler (0.05 <abbr title="Full-Time Equivalent">FTE</abbr>), W3C
</td>
</tr>
<tr>
<th>
Meeting Schedule
</th>
<td>
<strong>Teleconferences:</strong> as-needed.
<br />
<strong>Face-to-face:</strong> we will meet during the W3C's annual Technical Plenary week.
</td>
</tr>
</table>
</section>
<section id="scope" class="scope">
<h2>Scope</h2>
<p>As the Web Platform around HTML5 emerges as a platform for sophisticated application development, security properties of both implementations and specifications become critical. This group provides a forum for technology designers, implementors, and other interested parties to work toward improving specifications and implementations to advance security of the Web overall. The group is, in particular, focused on the security properties of HTML5 and related APIs and technologies.</p>
</section>
<section id="deliverables">
<h2>
Deliverables
</h2>
<p>As an Interest Group, this group has no formal deliverables. The group may propose additional
standards work to the W3C and may publish Interest Group Notes on topics such as best
practices, analysis of security issues, and design considerations.</p>
<p>The Group intends to focus its work on three categories of effort:</p>
<ul><li>Incubation: Discussing ideas for new Recommendation-track work; dispatching
promising ideas to a Community Group or Task Force; proposing drafts to W3C
for Working Group chartering.</li>
<li>Horizontal Reviews: Assessing W3C drafts for security considerations and/or
publishing questionnaires or other guidance to enable self-review by working groups.</li>
<li>Web Security Incident Review: Considering reported security incidents as
input, e.g., to correct patterns of error, threat modeling, and new spec development.</li>
</ul>
</section>
<section id="coordination">
<h2>Coordination</h2>
<p>Technical coordination with the following Groups will be made, per the <a href="https://www.w3.org/2015/Process-20150901/#WGCharter">W3C Process Document</a>:</p>
<!--<p class="todo">In addition to the above catch-all reference to horizontal review which includes accessibility review, please check with chairs and staff contacts of the <a href="https://www.w3.org/WAI/APA/">Accessible Platform Architectures Working Group</a> to determine if an additional liaison statement with more specific information about concrete review issues is needed in the list below.</p>-->
<div>
<h3 id="w3c-coordination">W3C Groups</h3>
<!--
<dl>
<dt><a href="https://www.w3.org/2015/03/webappsec-charter-2015.html">Web Application Security Working Group</a></dt>
<dd>The Web Application Security Working Group is chartered to
design and specify technologies for policy expression, secure mash-ups, and secure
cross-site resource access.</dd>
<dt><a href="https://www.w3.org/2009/dap/">Device and Sensors Working Group</a></dt>
<dd>
The Device and Sensors Working Group is tasked to
create client-side APIs that enable the development of Web Applications
that interact with device hardware, sensors, services and applications
such as the camera, microphone, proximity sensors, native address books,
calendars and native messaging applications.
</dd>
<dt><a href="https://www.w3.org/WebPlatform/WG/">Web Platform Working Group</a></dt>
<dd>The <a href="http://www.w3.org/TR/html5/">HTML5</a>
specification defines the fundamental security framework for today's Web applications.</dd>
<dt><a href="https://www.w3.org/Webauthn/">Web Authentication Working Group</a></dt>
<dd>The Web Authentication Working Group is defining a client-side API providing
strong authentication functionality to Web Applications.</dd>
<dt><a href="https://www.w3.org/2010/webperf/">Web Performance Working Group</a></dt>
<dd>The Web Performance Working Group provides methods to measure aspects of
application performance of user agent features and APIs.</dd>
<dt><a href="https://www.w3.org/2012/webcrypto/">Web Cryptography Working Group</a></dt>
<dd>The Web Cryptography Working Group is chartered to define a high-level API providing
common cryptographic functionality to Web Applications.
</dd>
<dt><a href="https://www.w3.org/2008/xmlsec/">XML Security Working Group</a></dt>
<dd>The XML Security Working Group is chartered to perform necessary updates
of the XML Security specifications.
</dd>
<dt><a href="">Web of Things Working Group</a>, if chartered</dt>
<dd></dd>
<dt>other W3C groups</dt>
<dd>W3C Working Groups may ask this Interest Group to provide security review of
specifications.</dd>
</dl>
-->
<p>W3C Working Groups may ask this Interest Group to provide security review of
specifications.</p>
<h3 id="external-coordination">External Organizations</h3>
<dl>
<dt>As needed</dt>
<dd></dd>
</dl>
</div>
</section>
<section class="participation">
<h2 id="participation">
Participation
</h2>
<p>
Participation in the Web Security Interest Group is open to the public. Any person interested in this topic is welcome to participate in this Interest Group.
</p><p>
There are no minimum requirements for participation in this group: This IG is composed of the participants in the [email protected] mailing list.
</p><p>
The Chair may call occasional meetings consistent with the <a href="https://www.w3.org/Consortium/Process/policies#GeneralMeetings">W3C Process requirements for meetings</a>.
</p>
<p>
The group encourages questions, comments and issues on its public mailing lists and document repositories, as described in <a href='#communication'>Communication</a>.
</p>
</section>
<section id="communication">
<h2>
Communication
</h2>
<p id="public">
Technical discussions for this Interest Group are conducted in <a href="https://www.w3.org/2015/Process-20150901/#confidentiality-levels">public</a>. This group primarily conducts its work on the public mailing list [email protected].
</p>
<p>
Information about the group (including details about deliverables, issues, actions, status, participants, and meetings) will be available from the <a href="https://www.w3.org/Security/IG/">Web Security Interest Group home page.</a>
</p>
<!-- <p>
This group primarily conducts its technical work <i class="todo">pick one, or both, as appropriate:</i> on the public mailing list <a class="todo" id="public-name" href="mailto:public-[email-list]@w3.org">public-<i class="todo">[email-list]</i>@w3.org</a> (<a class="todo" href="http://lists.w3.org/Archives/Public/public-[email-list]/">archive</a>)
<i class="todo">or</i> on <a class="todo" id="public-github" href="[link to Github repo]">GitHub issues</a>.
The public is invited to review, discuss and contribute to this work.
</p>
<p>
The group may use a Member-confidential mailing list for administrative purposes and, at the discretion of the Chairs and members of the group, for member-only discussions in special cases when a participant requests such a discussion.
</p>
-->
</section>
<section id="decisions">
<h2>
Decision Policy
</h2>
<p>
This group will seek to make decisions through consensus and due process, per the <a href="https://www.w3.org/Consortium/Process/policies#Consensus">W3C Process Document (section 3.3)</a>. Typically, an editor or other participant makes an initial proposal, which is then refined in discussion with members of the group and other reviewers, and consensus emerges with little formal voting being required.</p>
<p>
However, if a decision is necessary for timely progress, but consensus is not achieved after careful consideration of the range of views presented, the Chairs may call for a group vote, and record a decision along with any objections.
</p>
<p>
To afford asynchronous decisions and organizational deliberation, any resolution (including publication decisions) taken in a face-to-face meeting or teleconference will be considered provisional.
A call for consensus (CfC) will be issued for all resolutions (for example, via email and/or web-based survey), with a response period from one week to 10 working days, depending on the chair's evaluation of the group consensus on the issue.
If no objections are raised on the mailing list by the end of the response period, the resolution will be considered to have consensus as a resolution of the Interest Group.
</p>
<p>
All decisions made by the group should be considered resolved unless and until new information becomes available, or unless reopened at the discretion of the Chairs or the Director.
</p>
<p>
This charter is written in accordance with the <a href="https://www.w3.org/Consortium/Process/policies#Votes">W3C Process Document (Section 3.4, Votes)</a>, and includes no voting procedures beyond what the Process Document requires.
</p>
</section>
<section id="patentpolicy">
<h2>Patent Disclosures </h2>
<p>The Interest Group provides an opportunity to
share perspectives on the topic addressed by this charter. W3C reminds
Interest Group participants of their obligation to comply with patent
disclosure obligations as set out in <a shape="rect" href="https://www.w3.org/Consortium/Patent-Policy/#sec-Disclosure">Section
6</a> of the W3C Patent Policy. While the Interest Group does not
produce Recommendation-track documents, when Interest Group
participants review Recommendation-track specifications from Working
Groups, the patent disclosure obligations do apply. For more information about disclosure obligations for this group,
please see the <a href="https://www.w3.org/2004/01/pp-impl/">W3C
Patent Policy Implementation</a>.</p>
</section>
<section id="licensing">
<h2>Licensing</h2>
<p>This Interest Group will use the <a href="https://www.w3.org/Consortium/Legal/copyright-software">W3C Software and Document license</a> for all its deliverables.</p>
</section>
<section id="about">
<h2>
About this Charter
</h2>
<p>
This charter has been created according to <a href="https://www.w3.org/Consortium/Process/groups#GAGeneral">section 5.2</a> of the <a href="https://www.w3.org/Consortium/Process">Process Document</a>. In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.
</p>
<section id="history">
<h3>
Charter History
</h3>
<!-- <p class="issue"><b>Note:</b>Display this table and update it when appropriate. Requirements for charter extension history are documented in the <a href="https://www.w3.org/Guide/Charter#extension">Charter Guidebook (section 4)</a>.</p> -->
<p>The following table lists details of all changes from the initial charter, per the <a href="https://www.w3.org/2015/Process-20150901/#CharterReview">W3C Process Document (section 5.2.3)</a>:</p>
<table class="history">
<tbody>
<tr>
<th>
Charter Period
</th>
<th>
Start Date
</th>
<th>
End Date
</th>
<th>
Changes
</th>
</tr>
<tr>
<th>
<a href="https://www.w3.org/2016/11/websec-ig-charter-sept2011.html">Initial Charter</a>
</th>
<td>
7 September 2011
</td>
<td>
31 March 2013
</td>
<td>
</td>
</tr>
<tr>
<th>
<a href="https://www.w3.org/2016/11/websec-ig-charter-sept2013.html">Charter Extension</a>
<a href="https://lists.w3.org/Archives/Member/w3c-ac-members/2013JulSep/0041.html">(Announcement [member only])</a>
</th>
<td>
25 September 2013
</td>
<td>
31 March 2015
</td>
<td>
Virginie Galindo appointed as co-chair; Team Contact changed from Thomas Roessler to Wendy Seltzer.
</td>
</tr>
<tr>
<th>
<a href="https://www.w3.org/2011/07/security-ig-charter.html">Charter Extension</a>
<a href="https://lists.w3.org/Archives/Member/w3c-ac-members/2015JulSep/0004.html">(Announcement [member only])</a>
</th>
<td>
7 July 2015
</td>
<td>
30 June 2016
</td>
<td>
Adam Barth stepped down as co-chair.
</td>
</tr>
<tr>
<th>
<a href="">Rechartered</a>
</th>
<td>
[when approved]
</td>
<td>
1 January 2019
</td>
<td>
Added Kepeng Li and Ryan Ware as co-chairs; added Samuel Weiler as team contact
</td>
</tr>
</tbody>
</table>
</section>
</section>
</main>
<hr />
<footer>
<address>
<a href="mailto:[email protected]">Samuel Weiler</a>
</address>
<p class="copyright">
<a href="https://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> ©
2016
<a href="https://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup>
(
<a href="https://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>,
<a href="https://www.ercim.eu/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>,
<a href="https://www.keio.ac.jp/">Keio</a>,
<a href="http://ev.buaa.edu.cn/">Beihang</a>
), All Rights Reserved.
<abbr title="World Wide Web Consortium">W3C</abbr> <a href="https://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="https://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="https://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.
</p>
<p>
<!-- $Date: 2015/04/30 16:53:49 $ -->
</p>
</footer>
</body>
</html>