See also: Security Activity Statement
Security online is a vast field that is being worked on by a number of organizations, including W3C. Mapping the entire field would be a huge endeavor; hence, this page focuses on work that W3C is involved in.
The traditional W3C Security Resources page is no longer maintained, but remains online for archival purposes.
The Web Security Context Working Group (part of the Security Activity) is chartered to specify a baseline set of security context information that should be accessible to Web users, and practices for the secure and usable presentation of this information, to enable users to come to a better understanding of the context that they are operating in when making trust decisions on the Web.
This working group follows up on the March 2006 W3C Workshop on Transparency and Usability of Web Authentication (report).
The group has successfully finished a last call for its User Interface Guidelines specification, and expects to wrap up by the end of the year.
The XML Signature Working Group was a successful joint effort of W3C and IETF to develop an XML compliant syntax used for representing the signature of Web resources and portions of protocol messages, and procedures for computing and verifying such signatures. The Working Group has concluded successfully. Its mailing list continues to operate.
Its deliverables included the Canonical XML 1.0 ("C14N")specification which was subsequently found incompatible with xml:id version 1.0 and XML Base. The XML Core Working Group (part of the XML Activity) has published Canonical XML 1.1 as a Proposed Recommendation which is currently under Advisory Committee Review.
For a more detailed discussion see Known Issues with Canonical XML 1.0. A proposal for propagating these changes to XML Signature Syntax and Processing is outlined in Using XML Digital Signatures in the 2006 XML Environment.
The XML Encryption Working Group was a successful effort to develop a process for encrypting/decrypting digital content (including XML documents and portions thereof) and an XML syntax used to represent the (1) encrypted content and (2) information that enables an intended recipient to decrypt it.
The XML Key Management Working Group developed a specification of XML application/protocol that allows a simple client to obtain key information (values, certificates, management or trust data) from a web service. The Working Group concluded successfully.
The XML Security Working Group is chartered to take next steps with the XML Security specifications, based on the results from the September 2007 Workshop on Next Steps for the XML Security Specifications (report).
While not formally part of the Security Activity, the Device APIs and Policy Working Group is chartered to specify a set of APIs for web applications and widgets that grant these applications access to security and privacy sensitive information and services. The group will also consider appropriate security frameworks and policies.
Thomas Roessler, Security Activity Lead