W3C home > Mailing lists > Public > public-web-security@w3.org > October 2015

Re: Draft security charters for discussion at TPAC

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Fri, 23 Oct 2015 14:00:17 +0200
To: Wendy Seltzer <wseltzer@w3.org>, "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <562A2151.6070304@gmail.com>
On 2015-10-23 11:05, Wendy Seltzer wrote:
> Hi Web Security,
>
> Last year, we announced work in progress on new security work-areas,
> then proposed as a re-chartering of the Web Cryptography Working Group.[1]
>
> WebCrypto is concluding its work and we have identified two distinct
> areas of potential new work: Web Authentication and Hardware-Based
> Security. We propose to discuss draft charters for this work in a
> plenary day breakout at TPAC (Wednesday).[2]
>
> Web Authentication (based on an anticipated submission from FIDO 2):
>    https://w3c.github.io/websec/web-authentication-charter

 From what I can deduct, Liaison organizations like the W3C can only participate as observers and all information gathered remains confidential until is is declared as public.

In addition, practically all W3C member organizations (and many more) interested in Web security, are already FIDO members.


> Hardware-Based Security:
>    https://w3c.github.io/websec/hwsec-charter

What kind of information do you have today which apparently wasn't available [1] earlier this year?

There's no lack of charters, the problem is rather a very limited member engagement when it comes to proposing and discussing something that maybe could be implemented as well.

It would be better if the W3C (and its members) realized that HW-security and authentication are already "taken" by the FIDO alliance and the IETF.

I would personally be much more concerned by the Web Payment WG which just entered a specification phase without a single agreed-upon draft on the table.

Anders

1] https://lists.w3.org/Archives/Public/public-web-security/2015Feb/0034.html

>
> We look forward to discussion at TPAC, here, and via github pull requests.
>
> Best,
> --Wendy
>
>
> [1] https://lists.w3.org/Archives/Member/w3c-ac-members/2014JulSep/0049.html
> [2]
> https://www.w3.org/wiki/TPAC/2015/SessionIdeas#Web_Authentication_and_Security
>
Received on Friday, 23 October 2015 12:00:48 UTC

This archive was generated by hypermail 2.3.1 : Friday, 23 October 2015 12:00:49 UTC