- From: Wendy Seltzer <wseltzer@w3.org>
- Date: Wed, 18 Mar 2015 14:28:46 -0400
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
A big thank you to all who have helped us in re-chartering the WebAppSec WG, including to those whose change proposals might not have been included directly but will help to inform our ongoing work. Please note that since we have new deliverables, by patent policy, your AC reps will have to have your organizations re-join the group and re-nominate participants. And now, to the many deliverable tasks ahead! Thanks, --Wendy -------- Forwarded Message -------- Subject: Web Application Security Working Group Revised Charter Approved; join the Web Application Security Working Group (Call for Participation) Date: Wed, 18 Mar 2015 19:17:56 +0100 From: Coralie Mercier <coralie@w3.org> Dear Advisory Committee representative, Chairs, The Director is pleased to announce the re-charter of the Web Application Security Working Group, part of the Security Activity. The revised charter of this Working Group includes new deliverables that require W3C Patent Policy licensing commitments from all Participants. Consequently, all Participants must join or re-join the group, which involves agreeing to participate under the terms of the revised charter and the W3C Patent Policy. Current Participants may continue to attend meetings (teleconferences and face-to-face meetings) for 45 days after this announcement, even if they have not yet re-joined the group. After 45 days, ongoing participation (including meeting attendance and voting) is permitted only for those who have re-joined the group. If your organization wishes to join this group, please first review the group's charter: https://www.w3.org/2015/03/webappsec-charter-2015.html and homepage: http://www.w3.org/2011/webappsec/ Then use the following form to join the group; the form will also instruct you how to nominate participants: https://www.w3.org/2004/01/pp-impl/49309/join --- More about the Web Application Security Working Group: chairs: Brad Hill (Facebook) and Dan Veditz (Mozilla) homepage: http://www.w3.org/2011/webappsec/ team contact: Wendy Seltzer, .10 FTE The revised charter extends the group through December 2016 to continue developing security and policy mechanisms to improve the security of Web Applications and to enable secure cross-site communication. The group takes up new deliverables: Content Security Policy (CSP) Next; CSP Pinning; Upgrade Insecure Requests; Privileged Contexts; Referrer Policy; Credential Management; Suborigin Namespaces; Entry Point Regulation for Web Applications; Confinement with Origin Web Labels; Permissions API. --- Results of Call for Review --- We called for review of the revised charter 18 December, 2014: https://lists.w3.org/Archives/Member/w3c-ac-members/2013JulSep/0041.html Thanks to the 28 members who provided input: https://www.w3.org/2002/09/wbs/33280/WebAppSec-Recharter-2015/results In response to input received, we revised the charter to - clarify the descriptions of some new deliverables (Confinement with Origin Web Labels and Entry Point Regulation for Web Applications); - make explicit reference to deliverables on which work had begun under the group's current charter (CSP Pinning, Upgrade Insecure Requests, and Privileged Contexts (formerly known as "Powerful Features")); - make the "Privileged Contexts" deliverable a joint deliverable with the W3C Technical Architecture Group (TAG), separating its recommendations between a normative algorithm for determining if a given context is privileged, and non-normative advice on when a feature might designate itself as requiring a secure context; and - describe the group's asynchronous decision policy. These changes were brought to the attention of all reviewers. To the extent that Mozilla continues to raise a Formal Objection, the Director overrules that objection. This announcement follows section 8.1.2 of the W3C Process Document: http://www.w3.org/2005/10/Process-20051014/acreview#ACReviewAfter and the Call for Participation follows section 6.2.4 of the W3C Process Document: http://www.w3.org/2005/10/Process-20051014/groups#cfp Thank you, For Tim Berners-Lee, W3C Director, and Wendy Seltzer, Security Activity Lead; Coralie Mercier, Acting Head of W3C Marketing & Communications -- Coralie Mercier - W3C Communications Team - http://www.w3.org mailto:coralie@w3.org +336 4322 0001 http://www.w3.org/People/CMercier/
Received on Wednesday, 18 March 2015 18:28:48 UTC