W3C Web Security IG - minutes of the december 2013 call and next steps from GALINDO Virginie on 2014-01-08 (public-web-security@w3.org from January 2014)

From: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
Date: Wed, 8 Jan 2014 15:10:18 +0100
To: "public-web-security@w3.org" <public-web-security@w3.org>
CC: Adam Barth <abarth@gmail.com>, Wendy Seltzer <wseltzer@w3.org>
Message-ID: <239D7A53E5B17B4BB20795A7977613A401E2D043701F@CROEXCFWP04.gemalto.com>

Hi Web Security IG,

Hope you all had great time since our last call on 18th of December.

You will find here a take away of our discussions, this does not replace the detailed minutes of the call which can be found under http://www.w3.org/2013/12/18-websec-minutes.html
People present : Andy (Verisign), Art (Nokia), Brad (Paypal, W3C WebAppSec co-chair), Christine (ISOC, W3C PING co-chair), Fan (Irdeto), Frederik (Nokia), ), Harry (W3C), Karen (ISOC, IETF), Larry (Adobe), Manu (digital bazaar), , Nick D (W3C), Nick V (Inventive Design), Virginie (gemalto, co-chair Web Security IG, W3C web crypto WG co-chair), Wendy (W3C).  Thanks to Manu and Nick D for scribing.

About what can be done by the IG, several ideas were expressed

-          Reviewing the specifications from W3C (aka HTML EME, Promise, Service Worker) and outside (HTTP Auth, Web RTC in IETF). Associate idea was to benchmark what is done in IETF review.

-          Building knowledge, by studying and explaining the interaction between the different technologies under discussion in W3C, IETF, FIDO, ...., by describing the web threat model, by sharing news

-          Building a larger security community (by liaising with other security focused groups like IETF websec, by having appropriate material explaining the IG objective and milestones, by facilitating IE status for security experts)

-          Influence the W3C process to facilitate a systemic security review (together with a privacy review)



Some interesting event

-          W3C and IAB are organizing a workshop on strengthening the web STRINT [1], presence is binded to an expression of interest. This workshop will be interesting to attend, to hear security gaps expressed by the participants, and possible W3C implication/topics of interest.


About the IG next steps

-          Revamp the wiki to reflect the possible action plan -> Virginie (but of course anyone can contribute to the wiki http://www.w3.org/Security/wiki/IG)

-          Schedule a call for January, arrange agenda -> Virginie, coming soon

-          Volunteers to lead specific effort -> all !



In the meantime, note that you can promote the revival of this IG and encourage people to come and see us.



Regards,

Virginie

Co-chair of the W3C Web Security IG


________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus

Received on Wednesday, 8 January 2014 14:10:46 UTC