W3C home > Mailing lists > Public > public-sysapps@w3.org > March 2015

Charter Proposal: "Trusted Code" for the Web

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Wed, 18 Mar 2015 07:34:24 +0100
Message-ID: <55091C70.5000107@gmail.com>
To: sysapps <public-sysapps@w3.org>
Trusted Code for the Web

Existing security-related applications like authentication, payments, etc. are all based on that a core-part is executed by statically installed software that is supposed to be TRUSTED.

Since web-based applications are transiently downloaded, unsigned and come from any number of more or less unknown sources, such applications are by definition UNTRUSTED.

To compensate for this, web-based security-applications currently rely on a hodge-podge of non-standard methods where trusted code resides (and executes) somewhere outside of the actual web application.

However, because each browser-vendor have had their own idea on what is secure and useful, interoperability has proven to be a major hassle.  In addition, the ongoing quest for locking down browsers (in order to make them more secure), tends to break applications after browser updates.

Although security-applications are interesting, they haven't proved to be a driver.  Fortunately it has turned out that the desired capability ("Trusted Code"), is also used by massively popular music streaming services, cloud-based storage services and open source collaboration networks.

The goal for the proposed effort would be to define a vendor- and device-neutral solution for dealing with trusted code on the Web.
Received on Wednesday, 18 March 2015 06:35:15 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 18 March 2015 06:35:16 UTC