W3C Group Participation Home

Web Application Security Working Group Patent Policy Status

Participation

W3C Member Organizations
  • Adobe Systems Inc. (2 representatives)
  • Akamai Technologies (3 representatives)
  • Alibaba Group (3 representatives)
  • Apple, Inc. (4 representatives)
  • AT&T (1 representative)
  • Baidu, Inc. (2 representatives)
  • Cable Television Laboratories Inc (1 representative)
  • China Mobile Communications Corporation (2 representatives)
  • Copper Horse Solutions Ltd (1 representative)
  • Deutsche Telekom AG (1 representative)
  • DigiCert SSL Certificate Authority (3 representatives)
  • Digital Bazaar (2 representatives)
  • Dropbox, Inc. (1 representative)
  • eBay (no representative)
  • Electronics and Telecommunications Research Institute (ETRI) (4 representatives)
  • Facebook (1 representative)
  • GitStar (1 representative)
  • Google, Inc. (13 representatives)
  • Imec vzw (1 representative)
  • Intel Corporation (2 representatives)
  • Microsoft Corp. (8 representatives)
  • MITRE Corporation (1 representative)
  • Mitsubishi Electric Corporation (1 representative)
  • Mozilla Foundation (7 representatives)
  • Opera Software AS (1 representative)
  • Pacific Northwest National Laboratory (1 representative)
  • PayPal (1 representative)
  • RITT (2 representatives)
  • Samsung Electronics Co., Ltd. (4 representatives)
  • Stanford University (1 representative)
  • Tencent (2 representatives)
  • Twitter, Inc. (2 representatives)
  • Verisign, Inc. (1 representative)
  • Viacom (2 representatives)
  • White Ops, Inc. (2 representatives)
  • Yandex (3 representatives)
Invited Experts
  • Niklas Andreasson
  • Malika Aubakirova
  • Giorgio Maone
  • Josh Soref
Team members
  • Xueyuan Jia
  • Wendy Seltzer
  • Michael[tm] Smith
  • Keiji Takeda

See also the list of individuals participating in this group.

Join or leave this group (see general instructions for joining this group). Advisory Committee Representatives of participating Members may also nominate or change representatives in the group.

The Call for Participation for this group was announced on 18 March 2015; see the Patent Policy FAQ for information about continued participation before re-joining the group.

Licensing Commitments

Participants in this group have made certain licensing commitments by joining the group. See the details about licensing commitments from current and past Participants and other parties.

W3C Members not participating in this group who wish to make the same licensing commitments for specifications developed by this group may do so through a form for licensing commitments from non-participating Members.

Other parties who wish to make the licensing commitments for this group should consult the instructions for non-Members to make licensing commitments for this group.

Specifications for this group

The following is the list of specifications produced by the Web Application Security Working Group that have associated disclosures obligations, and possibly licensing obligations under the W3C Patent Policy.

Drafts
Specification Policy Disclose Exclude Add licensing information Disclosure & exclusion
Content Security Policy 1.0 No longer/Not under W3C PP Disclose No exclusions since not under PPN/A N/A
Content Security Policy Level 2 W3C Disclose No open exclusion opportunity Add licensing information N/A
User Interface Security and the Visibility API W3C Disclose No open exclusion opportunity Add licensing information N/A
Mixed Content W3C Disclose No open exclusion opportunity Add licensing information N/A
Referrer Policy W3C Disclose No open exclusion opportunity Add licensing information N/A
Secure Contexts W3C Disclose No open exclusion opportunity Add licensing information N/A
Content Security Policy Pinning No longer/Not under W3C PP Disclose No exclusions since not under PPN/A N/A
Upgrade Insecure Requests W3C Disclose No open exclusion opportunity Add licensing information N/A
The Permissions API W3C Disclose No open exclusion opportunity Add licensing information N/A
Credential Management Level 1 W3C Disclose No open exclusion opportunity Add licensing information N/A
Entry Point Regulation No longer/Not under W3C PP Disclose No exclusions since not under PPN/A N/A
Clear Site Data W3C Disclose No open exclusion opportunity Add licensing information N/A
Confinement with Origin Web Labels W3C Disclose No open exclusion opportunity Add licensing information N/A
Content Security Policy: Cookie Controls No longer/Not under W3C PP Disclose No exclusions since not under PPN/A N/A
Content Security Policy: Embedded Enforcement W3C Disclose No open exclusion opportunity Add licensing information N/A
Content Security Policy Level 3 W3C Disclose No open exclusion opportunity Add licensing information N/A
Recommendations
Specification Policy Disclosures
Cross-Origin Resource Sharing
Jointly developed with Web Applications Working Group.		 W3CNone
Subresource Integrity W3CNone

See the detailed information on how to disclose a patent, how to exclude a patent claim and how to add licensing terms below.

Note: If a specification does not appear in this table, the group may have identified it as being "informative only." To add or modify an item in this table, please refer to the IPP instructions.

Patent Disclosures and Claim Exclusions

This section summarizes patent disclosures by participants in W3C's Web Application Security Working Group as required by section 6 of the 5 February 2004 W3C Patent Policy. Note: This disclosure mechanism applies to all W3C Working Groups after 15 February 2004, per the Patent Policy Transition Procedure.

W3C takes no position regarding either:

  1. the validity or scope of any intellectual property right or other rights that might be claimed to pertain to the implementation or use of the technology, or
  2. the extent to which any license under such rights might or might not be available from those not participating in this group.

W3C Members are obligated to disclose a patent when they receive a request for disclosure and have personal knowledge of the patent under the following conditions:

Where disclosure is required by a W3C Member, the AC Representative makes the disclosure.

Anyone else may also make a disclosure.

Known Disclosures

No patent disclosures have been made for any specifications of this group.

How to Make a Patent Disclosure

W3C Members and Invited Experts (including those not participating in this group) wishing to disclose a patent for any specification produced by the Web Application Security Working Group should use the Web Application Security Working Group patent disclosure form.

Disclosures from the general public should be sent to the Staff Contacts of this group.

For specifications developed under the W3C Patent Policy, parties that commit to the W3C Royalty-Free Licensing Terms are not required to disclose patents. Any party (not just the Working Group Participants) may commit to the W3C Royalty-Free Licensing Terms and may do so by following the instructions in the next section.

Claim Exclusions

Only Web Application Security Working Group participants may exclude patent claims concerning specifications developed under the W3C Patent Policy, per section 4 of the W3C Patent Policy. To make an exclusion, participants should use the Web Application Security Working Group patent claim exclusion form, but only after first disclosing the patent.

Exclusion Opportunities

The Patent Policy FAQ provides detailed information about exclusion opportunities, that is, when a Working Group Participant can exclude a patent claim.

Each exclusion opportunity has a duration. See section 4.1 of the W3C Patent Policy and section 2 of the Patent Policy Transition Procedure for information on how the exclusion deadline is calculated.

At each exclusion opportunity, Participants may exclude patent claims with respect to a body of text. The Reference Draft is the reference body of text for the current exclusion opportunity.

Note: At each new exclusion opportunity (e.g., in the case of a second Last Call), exclusions are only with respect to differences since the previous reference body of text. These differences may be less than an entire document, and the summary below does not (yet) address that granularity. Also, in some edge cases (discussed in the FAQ), Participants, depending on when they joined the Working Group, will have different Reference Drafts; the summary below does not reflect this case.

History of Exclusion Opportunities

Cross-Origin Resource Sharing
  1. Call for exclusion sent on 03 April 2012; opportunity ended on 31 August 2012
Content Security Policy 1.0
  1. Call for exclusion sent on 01 December 2011; opportunity ended on 27 April 2012
  2. Call for exclusion sent on 01 March 2012; opportunity ended on 27 April 2012
  3. Call for exclusion sent on 10 July 2012; opportunity ended on 08 September 2012
Content Security Policy Level 2
  1. Call for exclusion sent on 13 December 2012; opportunity ended on 12 May 2013
  2. Call for exclusion sent on 07 July 2014; opportunity ended on 01 September 2014
  3. Call for exclusion sent on 19 February 2015; opportunity ended on 20 April 2015
  4. Call for exclusion sent on 22 July 2015; opportunity ended on 19 September 2015
User Interface Security and the Visibility API
  1. Call for exclusion sent on 20 November 2012; opportunity ended on 19 April 2013
  2. Call for exclusion sent on 19 February 2013; opportunity ended on 19 April 2013
  3. Call for exclusion sent on 18 March 2014; opportunity ended on 17 May 2014
Subresource Integrity
  1. Call for exclusion sent on 18 March 2014; opportunity ended on 15 August 2014
  2. Call for exclusion sent on 12 November 2015; opportunity ended on 11 January 2016
Mixed Content
  1. Call for exclusion sent on 22 July 2014; opportunity ended on 19 December 2014
  2. Call for exclusion sent on 16 September 2014; opportunity ended on 19 December 2014
  3. Call for exclusion sent on 13 November 2014; opportunity ended on 12 January 2015
  4. Call for exclusion sent on 26 March 2015; opportunity ended on 16 May 2015
  5. Call for exclusion sent on 09 October 2015; opportunity ended on 07 December 2015
  6. Call for exclusion sent on 02 August 2016; opportunity ended on 01 October 2016
Referrer Policy
  1. Call for exclusion sent on 07 August 2014; opportunity ended on 04 January 2015
Secure Contexts
  1. Call for exclusion sent on 04 December 2014; opportunity ended on 03 May 2015
  2. Call for exclusion sent on 16 September 2016; opportunity ended on 14 November 2016
Content Security Policy Pinning
  1. Call for exclusion sent on 26 February 2015; opportunity ended on 01 January 1970
Upgrade Insecure Requests
  1. Call for exclusion sent on 26 February 2015; opportunity ended on 26 July 2015
  2. Call for exclusion sent on 09 October 2015; opportunity ended on 07 December 2015
The Permissions API
  1. Call for exclusion sent on 09 April 2015; opportunity ended on 04 September 2015
Credential Management Level 1
  1. Call for exclusion sent on 30 April 2015; opportunity ended on 27 September 2015
Entry Point Regulation
  1. Call for exclusion sent on 09 June 2015; opportunity ended on 01 January 1970
  2. Call for exclusion sent on 09 September 2015; opportunity ended on 01 January 1970
Clear Site Data
  1. Call for exclusion sent on 05 August 2015; opportunity ended on 01 January 2016
  2. Call for exclusion sent on 05 November 2015; opportunity ended on 01 January 2016
Confinement with Origin Web Labels
  1. Call for exclusion sent on 15 October 2015; opportunity ended on 13 March 2016
Content Security Policy: Cookie Controls
  1. Call for exclusion sent on 15 December 2015; opportunity ended on 01 January 1970
  2. Call for exclusion sent on 15 March 2016; opportunity ended on 01 January 1970
Content Security Policy: Embedded Enforcement
  1. Call for exclusion sent on 15 December 2015; opportunity ended on 13 May 2016
  2. Call for exclusion sent on 15 March 2016; opportunity ended on 13 May 2016
Content Security Policy Level 3
  1. Call for exclusion sent on 26 January 2016; opportunity ended on 24 June 2016

Additional Licensing Information

As described in section 5 of the W3C Patent Policy:

All Working Group participants are encouraged to provide a contact from which licensing information can be obtained and other relevant licensing information. Any such information will be made publicly available along with the patent disclosures for the Working Group in question.

Patent holders may:

  1. Provide additional licensing information for documents produced by this Working Group
  2. Provide the same additional licensing information for all documents with associated licensing obligations produced by this Working Group, or
  3. Provide additional licensing information for any W3C document with associated licensing obligations produced by any W3C Working Group under the W3C Patent Policy.

Please recall that, per section 5 of the W3C Patent Policy, a W3C Royalty-Free license:

may not impose any further conditions or restrictions on the use of any technology, intellectual property rights, or other restrictions on behavior of the licensee, but may include reasonable, customary terms relating to operation or maintenance of the license relationship such as the following: choice of law and dispute resolution.

Any additional licensing information that has been provided is listed below. The section below will be empty when no additional licensing information has been provided.

Note: All actions carried out through this system are reported by email to the relevant parties; copies are sent to w3c-archive@w3.org (Member-readable archive).

Maintained by Carine Bournez (carine@w3.org) (originally developed by Dominique Hazaël-Massieux).
$Id: status.php,v 1.291 2016/09/26 11:52:12 carine Exp $