Web Application Security Working Group

Calendar of Events

Subscribe:   

Mission

As stated in its charter, the mission of the Web Application Security Working Group is to develop technical and policy mechanisms to improve the security of and enable secure cross-site communications for applications on Web.

Mailing List

The group's primary work mode is via discussion on a public mailing list: public-webappsec@w3.org | Subscribe | List Archives

Search the archive

Teleconferences

WebAppSec conducts a one hour, members-only teleconference every two weeks. See the calendar of events for the most current dates and times.

Use the W3C's Zakim conference bridge system:

+1.617.761.6200 code 92794 ('WASWG')

Participants in the teleconference are encouraged to please also join the #webappsec channel during the call. Connect to irc.w3.org:6665 with your favorite IRC client or use the web interface.

Bugs, Issues & Actions

Technical issues and actions for WG members can be managed on the group's tracker instance. (some features are member-only, see the full tracker documentation)

Some editors use the WG's GitHub repo to manage spec text bugs and pull requests. (technical issues and feature requests must go through the public mailing list first)

Recommendation-Track Drafts

Candidate Recommendation
15-November-2012
Brandon Sterne, Adam Barth
Mike West, Brad Hill
Succeeded by Content Security Policy Level 2
Last Call Working Draft
03-July-2014
Mike West, Dan Veditz, Adam Barth
Mike West, Brad Hill
Last Call Working Draft
18-March-2014
Giorgio Maone, David Lin-Shung Huang, Brad Hill
First Public Working Draft
18-March-2014
Frederik Braun, Devdatta Akhawe, Joel Weinberger, Mike West
First Public Working Draft
07-August-2014
Jochen Eisinger, Mike West
First Public Working Draft
22-July-2014
Mike West

W3C Recommendations

Recommendation
16-January-2014
Anne van Kesteren
Gopal Raghavan, Odin Hørthe Omdal

Non-Recommendation-Track Documents

Working Group Note
26-January-2010
Tyler Close, Mark Miller
Input document for Cross-Origin Resource Sharing from WebApps WG
No offical status
04-February-2011
John Kemp
Input and reference document

Administrative

Charter

The WebAppSec Working Group operates under a charter approved on 24-October-2013, extended until 31-December-2014.

Patent Disclosures

The W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent.

Chairs

Brad Hill (Facebook) and Daniel Veditz (Mozilla)

W3C Team Contact

Wendy Seltzer

Membership

(W3C Member-Only) See DBWG and IPP for a list of WG participants.

Liasons with Other Groups

Members and the public interested in this WG's work may also want to follow the W3C Web Security Interest Group and Web Cryptography Working Group as well as the Websec Working Group at the IETF.