News Release: W3C to Hold Workshop on Web Security Issues from Janet Daly on 2005-12-15 (w3c-news@w3.org from October to December 2005)

From: Janet Daly <janet@w3.org>
Date: Thu, 15 Dec 2005 06:54:25 -0800
To: w3c-news <w3c-news@w3.org>
Message-ID: <43A183A1.3000002@w3.org>
Today, W3C has sent out a Call for Participation for its upcoming 
workshop on Web Security, with a focus on identifying methods to make 
secure, trustworthy browsing easy. For more information on this 
workshop, please contact Janet Daly, +1 617 253 5884 <janet@w3.org> or 
the W3C Communications Team representative in your area.


World Wide Web Consortium To Hold Workshop on Transparency and Usability 
of Web Authentication

Area Experts to Examine Potential Methods for Creating a Secure Web


http://www.w3.org/ -- 15 December 2005: The World Wide Web Consortium 
(W3C) announces its Workshop "Toward a More Secure Web -- W3C Workshop 
on Transparency and Usability of Web Authentication." The Call for 
Participation solicits position papers from Web security experts, 
software developers, browser manufacturers and their customers regarding 
usability and transparency of Web authentication. The goal is to 
identify methods to make secure, trustworthy browsing easy. Position 
papers can be submitted by email until 25 January 2006.

The Workshop takes place in New York City, USA, on 15 and 16 March 2006, 
and is hosted by Citigroup.

Secure browsing must be easier to do

Gaps in practical security on the Web make all users easy targets for 
fraud. Despite broad availability of security technologies, the Web 
community (browser developers, Web site operators, users) lack agreement 
on how to help avoid the most basic types of fraud. For example, Web 
users often cannot tell whether a Web site is really what it claims to 
be. All users deserve Web security that is convenient to use, and easy 
to understand.

Current solutions don't make users aware of critical information

Web security today critically depends on Transport Layer Security (TLS), 
an IETF protocol that is wrapped around HTTP transactions to provide 
endpoint authentication and communications privacy. Ongoing "phishing" 
attacks demonstrate that these security measures fail in practice: while 
the currently available mechanisms are technically solid, 
implementations often don't succeed in making users aware what kind of 
security is actually in place, and with whom they are actually 
communicating. As a result, attackers can bypass these security 
mechanisms without users noticing.

W3C brings together browser developers, researchers, and end users to 
identify concrete issues with transparent, usable, and effective Web 
Security

In order to improve the security of the Web as people use it today, W3C 
is convening a diverse community of users and developers to consider 
leading security use cases and identify concrete actions to take. The 
Workshop is chaired by Daniel Schutzer (Citigroup), and Thomas Roessler 
(W3C). The Program Committee includes representation from America Online 
Inc (AOL), Apple Computer, Bar-Ilan University, Carnegie Mellon 
University, the Center for Democracy and Technology (CDT), Columbia 
University, Comodo, Financial Services Technology Consortium (FSTC), 
Graz University of Technology, Microsoft, Mozilla, Ruhr-Universität 
Bochum, (SIZ), Sun Microsystems, KDE project, New York University, 
Opera, and VeriSign.

This Workshop aims to concretely identify a range of issues faced by 
those who wish to use the Web as a secure environment for tasks ranging 
from basic browsing to the most specialized application. In particular, 
the participants will look at ways to help address the current threats 
on the Web that are caused by the present lack of comprehensible and 
transparent Web authentication. The Workshop is expected to focus on 
near-term improvements that can be realized in browsers and through best 
practices coordinated between browser vendors and e-commerce service 
providers. Experiences and use cases from the financial services 
industry are expected to inform the discussion.

More information about the Workshop is available from the Workshop home 
page.

Contact Americas, Australia --
     Janet Daly, <janet@w3.org>, +1.617.253.5884 or +1.617.253.2613
Contact Europe, Africa and the Middle East --
     Marie-Claire Forgue, <mcf@w3.org>, +33.492.38.75.94
Contact Asia --
     Yasuyuki Hirakawa <chibao@w3.org>, +81.466.49.1170

About the World Wide Web Consortium [W3C]

The W3C was created to lead the Web to its full potential by developing 
common protocols that promote its evolution and ensure its 
interoperability. It is an international industry consortium jointly run 
by the MIT Computer Science and Artificial Intelligence Laboratory (MIT 
CSAIL) in the USA, the European Research Consortium for Informatics and 
Mathematics (ERCIM) headquartered in France and Keio University in 
Japan. Services provided by the Consortium include: a repository of 
information about the World Wide Web for developers and users, and 
various prototype and sample applications to demonstrate use of new 
technology. Over 400 organizations are Members of the Consortium. For 
more information see http://www.w3.org/
Received on Thursday, 15 December 2005 15:02:21 UTC