Fwd: Web Application Security Working Group Revised Charter Approved; join the Web Application Security Working Group (Call for Participation)

A big thank you to all who have helped us in re-chartering the WebAppSec
WG, including to those whose change proposals might not have been
included directly but will help to inform our ongoing work.

Please note that since we have new deliverables, by patent policy, your
AC reps will have to have your organizations re-join the group and
re-nominate participants.

And now, to the many deliverable tasks ahead!


-------- Forwarded Message --------
Subject: Web Application Security Working Group Revised Charter
Approved; join  the Web Application Security Working Group (Call for
Date: Wed, 18 Mar 2015 19:17:56 +0100
From: Coralie Mercier <coralie@w3.org>

Dear Advisory Committee representative,

The Director is pleased to announce the re-charter of the Web Application
Security Working Group, part of the Security Activity.

The revised charter of this Working Group includes new deliverables that
require W3C Patent Policy licensing commitments from all Participants.
Consequently, all Participants must join or re-join the group, which
involves agreeing to participate under the terms of the revised charter
and the W3C Patent Policy. Current Participants may continue to attend
meetings (teleconferences and face-to-face meetings) for 45 days after
this announcement, even if they have not yet re-joined the group. After 45
days, ongoing participation (including meeting attendance and voting) is
permitted only for those who have re-joined the group.

If your organization wishes to join this group, please first review the
group's charter:

and homepage:

Then use the following form to join the group; the form will also instruct
you how to nominate participants:

More about the Web Application Security Working Group:
 chairs: Brad Hill (Facebook) and Dan Veditz (Mozilla)
 homepage: http://www.w3.org/2011/webappsec/
 team contact: Wendy Seltzer, .10 FTE

The revised charter extends the group through December 2016 to continue
developing security and policy mechanisms to improve the security of Web
Applications and to enable secure cross-site communication.

The group takes up new deliverables: Content Security Policy (CSP) Next;
CSP Pinning; Upgrade Insecure Requests; Privileged Contexts; Referrer
Policy; Credential Management; Suborigin Namespaces; Entry Point
Regulation for Web Applications; Confinement with Origin Web Labels;
Permissions API.

Results of Call for Review
We called for review of the revised charter 18 December, 2014:
Thanks to the 28 members who provided input:

In response to input received, we revised the charter to
- clarify the descriptions of some new deliverables (Confinement with
Origin Web Labels and Entry Point Regulation for Web Applications);
- make explicit reference to deliverables on which work had begun under
the group's current charter (CSP Pinning, Upgrade Insecure Requests, and
Privileged Contexts (formerly known as "Powerful Features"));
- make the "Privileged Contexts" deliverable a joint deliverable with the
W3C Technical Architecture Group (TAG), separating its recommendations
between a normative algorithm for determining if a given context is
privileged, and non-normative advice on when a feature might designate
itself as requiring a secure context; and
- describe the group's asynchronous decision policy.

These changes were brought to the attention of all reviewers. To the
extent that Mozilla continues to raise a Formal Objection, the Director
overrules that objection.

This announcement follows section 8.1.2 of the W3C Process Document:

and the Call for Participation follows section 6.2.4 of the W3C Process

Thank you,

For Tim Berners-Lee, W3C Director,
and Wendy Seltzer, Security Activity Lead;
Coralie Mercier, Acting Head of W3C Marketing & Communications

 Coralie Mercier  -  W3C Communications Team  -  http://www.w3.org
mailto:coralie@w3.org +336 4322 0001 http://www.w3.org/People/CMercier/

Received on Wednesday, 18 March 2015 18:28:48 UTC