Trusted Code for the Web
Existing security-related applications like authentication, payments, etc. are all based on that a core-part is executed by statically installed software that is supposed to be TRUSTED.
Since web-based applications are transiently downloaded, unsigned and come from any number of more or less known sources, such applications are by definition UNTRUSTED.
To compensate for this, web-based security-related applications currently rely on a hodge-podge of non-standard methods where trusted code is located somewhere outside of the actual web application.
Since each browser-vendor have had their own idea on what is secure and useful, interoperability has proven to be a major hassle, including the fact that the quest for locking down browsers (in order to make them more secure), also tends to break applications after browser updates.
Although security-related applications are interesting, they haven't proved to be a driver. Fortunately it has turned out that the desired capability ("Trusted Code"), is also used by massively popular music streaming services, cloud-based storage services and open source collaboration networks.
The goal for the proposed effort would be to define a vendor- and device-neutral solution for dealing with trusted code on the Web.
-----
This proposal is also supposed to be a replacement for a possible "smart cards for the web" effort