- From: Simone Onofri <simone@w3.org>
- Date: Sun, 10 May 2026 23:13:55 +0200
- To: public-security@w3.org
Dear Group, This is a Call for Consensus (CfC) for the Group that is publishing the “Threat Model for the Web” and enabling autopublish. [[ This document describes the Threat Model for the Web and the Web Security Model, highlighting data flows, trust boundaries, and applicable threats between the different entities that make up the Web platform. ]] The deliverable is available for inspection here: https://w3c.github.io/threat-model-web/ During the 2026-04-28 meeting, the participants had already agreed: https://github.com/w3c/securityig/blob/main/meetings/2026/2026-04-28_minutes.md#threat-model-for-the-web-dfd Although it is still a draft, it is important to place it in /TR so that it can be referenced in ETSI EN 304 617, particularly for Clause 4, product context/architecture, and Annex B, risk identification and assessment methodology. The editors are working on the tables and threats so that they can be submitted for TAG review as soon as possible. To ensure everyone has an opportunity to weigh in, this will serve as a record of the group's decision, one way or another. In response, please state one of the following: - I support the publishing of the "Threat Model for the Web”. - I do not support the publishing of the "Threat Model for the Web”, but it's fine if we decide to proceed - I object to the publication of the "Threat Model for the Web” due to Issues filed in the open issue <#number> of the https://github.com/w3c/threat-model-web/issues repository If there are no further objections, we will confirm the decision by 23:59 Pacific Time on 17 May 2026. Just so you know, if the deliverable is published, it will be marked as a First Public Draft Note, which does not imply W3C endorsement. Thank you, Simone
Received on Sunday, 10 May 2026 21:14:31 UTC