See also: Security Activity Statement
Security online is a vast field that is being worked on by a number of organizations, including W3C. Mapping the entire field would be a huge endeavor; hence, this page focuses on work that W3C is involved in.
The traditional W3C Security Resources page is no longer maintained, but remains online for archival purposes.
The Web Security Wiki serves as a place for interested parties in the Web security community to collect information about security aspects of specifications and implementations of Web technologies.
The W3C Advisory Committee is currently reviewing a proposal to charter a Web Application Security Working Group and a Web Security Interest Group.
Both groups focus on security for complex Web Applications in general. The Interest Group picks up on the existing public-web-security mailing list and provides a formal framework for it. The Web Application Security Working Group is intended to take up the informal work on the Content Security Policy specification and related work, and to lead the Cross-Origin Resource Sharing specification to Recommendation.
The goal of this work is to enable secure mash-ups, and to create a more robust Web security environment around light-weight policy expression that meshes with HTML5's built-in security policies.
The XML Signature Working Group was a successful joint effort of W3C and IETF to develop an XML-compliant syntax used for representing the signature of Web resources and portions of protocol messages, and procedures for computing and verifying such signatures. The Working Group has concluded successfully. Its mailing list continues to operate.
Its deliverables included the Canonical XML 1.0 ("C14N") specification, which was subsequently found incompatible with xml:id version 1.0 and XML Base. The XML Core Working Group (part of the XML Activity) has published Canonical XML 1.1 as a Proposed Recommendation, which is currently under Advisory Committee Review.
For a more detailed discussion see Known Issues with Canonical XML 1.0. A proposal for propagating these changes to XML Signature Syntax and Processing is outlined in Using XML Digital Signatures in the 2006 XML Environment.
The XML Encryption Working Group was a successful effort to develop a process for encrypting/decrypting digital content (including XML documents and portions thereof) and an XML syntax used to represent the (1) encrypted content and (2) information that enables an intended recipient to decrypt it.
The XML Key Management Working Group developed a specification of an XML application/protocol that allows a simple client to obtain key information (values, certificates, management or trust data) from a web service. The Working Group concluded successfully.
The XML Security Working Group is chartered to take next steps with the XML Security specifications, based on the results from the September 2007 Workshop on Next Steps for the XML Security Specifications (report).
While not formally part of the Security Activity, the Device APIs and Policy Working Group is chartered to specify a set of APIs for web applications and widgets that grant these applications access to security- and privacy-sensitive information and services. The group will also consider appropriate security frameworks and policies.
Thomas Roessler, Security Activity Lead