W3C Web Security IG - Take away from our last call

Dear all,

Here is a take away of our discussions held last week, in W3C Web Security IG.


*         Participants : Hannes (ARM), Frederick and Art (Nokia), Terri and Alex (Intel), Christine (PING chair), Nick (W3C), Brad and Jeff (ebay/paypal), Virginie (gemalto and co-chair)

*         Hannes made a short report about STRINT Workshop which conclusion/action plan will be soon available (see https://www.w3.org/2014/strint/agenda.html for detailed minutes and presentations).

*         Specification security review is not active at the moment, but a new security spec is candidate for security comments : W3C Web Crypto API http://www.w3.org/blog/news/archives/3755

*         We discussed the possibility to draft some security guidelines dedicated to chairs and editors, to help them in addressing 'Security Considerations' in their deliverables. A draft wiki page is available here : https://www.w3.org/Security/wiki/IG/W3C_spec_review/Security_Guidelines#Draft_Security_Guidelines_for_chairs_and_editors  and is expecting your ideas.

*         Brad and Jeff presented the FIDO Alliance technology, exposing rationale and potential overlap with W3C activities.

The next call be held in one month (doodle to be set up), during which I suggest we cover i) W3C web payment workshop [1] debrief (with security perspective), ii) sys app security model as currently design in Sys App WG [2]. In the meantime, do not hesitate to discuss any web security related topic on the mailing list (specification, news, ...).  The wiki is also here to host your input : https://www.w3.org/Security/wiki/IG

Regards,
Virginie
Co-chair of the Web Security IG

[1] W3C Web Payment Workshop http://www.w3.org/2013/10/payments/
[2] Sys App WG http://www.w3.org/2012/sysapps/


________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus

Received on Thursday, 3 April 2014 14:20:27 UTC