An important factor in the growth of the Web is the trust that can be placed in the quality, provenance, reliability, and privacy of information available from or transferred over the Web. The Web, while relying on the underlying security offered by the Internet, has trust and security problems related to the needs of applications, and these cannot be supplied strictly at the network level. The World Wide Web Consortium is concerned with the evolution of the Web, and that requires understanding the security and trust requirements placed on the applications that use the Web. We must both understand the problems and work with our members to contribute to the solutions. The proposed Security Interest Group is a forum designed to allow the members to share information with the Consortium staff and other members about:
The Interest Group meets three times a year for two years, with meetings spread across North America, Europe, and Asia/Pacific. There will also be an on-going email list associated with the Interest Group. There is no required resource commitment beyond attendance at any or all of the meetings, although registration is required for each meeting.
The Interest Group has no decision-making authority and is strictly advisory to the W3C staff. Nonetheless, we expect it to be the forum from which we will draw participants in the design of briefing packages for work related to Security and Trust. It will also serve to help refine the requirements of any technical work in this area to be undertaken by W3C.
In the past, W3C has sponsored a "security working group" which has had a number of meetings and which led to the creation of the Digital Signature Initiative (DSig) project. The group last met in Stockholm in November, 1996. This package regularizes the Interest Group according to the newly created W3C Process Document.
This is a proposal for a forum in which W3C Members may exchange ideas about security and trust on the Web. The primary goal is to act as an information exchange mechanism between members and from members to the W3C staff. It offers an opportunity for the membership to inform the staff and other members of their concerns and priorities in this domain. Topics of discussion are likely to include the technology, user scenarios, application security requirements, and work in related areas.
The purpose of the Interest Group is to act as an information interchange mechanism among its participants. The Interest Group will meet roughly every four months and will expire after two years. All meetings will be announced (with a tentative agenda and time and location of the meeting) at least four weeks prior to the meeting. Informal reports from the meetings will be provided to the W3C staff and the full Advisory Committee shortly after each meeting.
Between meetings, Interest Group members may use archived e-mail lists to raise questions or discuss issues related to security and trust, as well as the role of the W3C in this area. The Interest Group will be supported by a Web page that will have this briefing package, links to the email lists, and meeting logistics. As part of the Web page, we are investigating methods for encouraging interactive discussions, membership comments, responses and feedback.
The Chairperson of the Interest Group will be a W3C staff member (initially Jim Miller, Domain Leader for Technology and Society). No decisions that affect the W3C can be made within the Interest Group; however, proposals may be created and submitted to the full membership for voting if appropriate. The face-to-face meetings will be organized by the Chairperson to be consistent with their agendas and maximize the Staff's ability to learn from the forum.
W3C staff will be assigned as follows:
Interest Group Chairperson: 5% (Jim Miller)
Administration: 5% (Susan Hardy)
Staff funding for this Project will come from W3C membership dues.
Each member company choosing to participate in the Interest Group is expected to identify one or more individuals who will contribute to the group discussions. Members may send any number of representatives to meetings of the Interest Group, but space constraints may limit the total number of participants. No a priori commitments to the Interest Group are required. Commitments to aid in the conduct of the business of the Interest Group -- such as hosting a meeting, helping with a report or proposal -- will be welcome. While the representative from a member organization can change from meeting to meeting (especially because of the geographic rotation of the meetings), it is best to avoid this if possible.
Note: All of the meetings of the Security Interest Group are full day meetings. The day prior to each meeting is a meeting of the Electronic Commerce Interest Group. Each year, one meeting is co-located with the International World Wide Web Conference and held on the Sunday following the conference (the first meeting is on the Saturday, not the Sunday). The remaining meetings are on a Thursday. Hosts are encouraged to sponsor a full week of meetings and will have an opportunity to suggest additional events, which they find particularly important, for Monday and Friday.
Saturday 12 April 1997 Sunnyvale, CA, USA (6th International World Wide Web Conference). See accompanying Call for Participation for details.
Thursday 4 September 1997 Brussels, Belgium
Thursday 8 January 1998 Seattle, WA, USA (Microsoft host)
Wednesday 22 April 1998 Brisbane, Australia (7th International World Wide Web Conference)
Thursday 22 October 1998 Boston, MA, USA (W3C/MIT host)
Thursday 25 February 1999 Geneva?, Europe
Sunday 6 June 1999 Toronto, Canada (8th International World Wide Web Conference).
Thursday 23 September 1999 Tokyo?, Japan?
This Interest Group does not expect to depend on any pre-existing intellectual property, although members and W3C staff are free to discuss their own property under the usual rules for public disclosure. No specifications will be produced. Ownership of white papers, presentations, etc. directly resulting from the Interest Group is jointly held by the authors and the W3C.
Jim Miller <JMiller>
Security Interest Group
Dear Advisory Committee Member,
This Call for Participation (CFP) and respective briefing package (http://www-swiss.ai.mit.edu/~jmiller/securityig.htm) constitute the W3C Staff's suggestion for creating an effective discussion forum. The goal is to discuss security and trust on the Web, and define W3C's role in this area.
Key points for consideration:
PARTICIPATION
The first meeting will be held in conjunction with the 6th International World Wide Web Conference. The W3C Security Interest Group is meeting on Saturday, 12 April 1997. The first meeting of the Security Interest Group will be hosted by JavaSoft and held:
Saturday 12 April 1997
8:30am to 5:30pm
JavaSoft
Crossroads Conference Room
Building 11
Menlo Park, CA
USA
Registration is through the URL http://www.w3.org/SOMETHING and must be completed by 6pm EST on Friday 4 April 1997 (one week prior). There is no fee for participation in the Interest Group, and the Interest Group meeting is open only to W3C members (and special guests invited by the Chairperson of the group).
Agenda:
The goal of this meeting is to understand how the individual components of the security puzzle fit together as a whole to solve user problems. The speakers have not yet confirmed, but the overall agenda is as follows.
8:30am - 9:00am: Continental Breakfast
9:00am - 9:15am: Introduction and welcome
Jim Miller, W3C Domain Leader for Technology and Society
9:15am - 10:00am: Keynote: The Big Picture
David Watts, Arthur Andersen
10:00am - 10:30am: Certificate Authorities
10:30am - 11:00am: Directory services
11:00am - 11:30am: Coffee break
11:30am - noon: Digital Signature Initiative
Philip DesAutels, W3C Project Manager
noon - 12:30pm: Smart Cards
12:30pm - 1:30pm: Lunch
1:30pm - 2:00pm: PKCS-7 and Signatures
2:00pm - 2:30pm: PGP signatures and certificates
2:30pm - 3:00pm: Overall Architectures
3:00pm - 4:00pm: Panel Session: Putting It All Together
Bob Schloss, IBM
Philip DesAutels, W3C
David Watts, Andersen Consulting
others TBA
4:00pm - 5:00pm: Group Discussion
Jim Miller, moderator
5:00pm - 5:30pm: Closing Remarks
Summary notes will be distributed to attendees and the W3C Advisory Committee.
Future meetings:
Thursday 4 September 1997 Brussels, Belgium
Thursday 8 January 1998 Seattle, WA, USA (Microsoft host)
Wednesday 22 April 1998 Brisbane, Australia (7th International World Wide Web Conference)
Thursday 22 October 1998 Boston, MA, USA (W3C/MIT host)
Thursday 25 February 1999 Geneva?, Europe
Sunday 6 June 1999 Toronto, Canada (8th International World Wide Web Conference).
Thursday 23 September 1999 Tokyo?, Japan?
PROCEDURE:
PARTICIPATION PROPOSAL FORM
First Name:
Last Name:
Email Address:
Employer:
Mark if you plan to participate in the Security Interest Group. The success of this interest group depends on your active participation.
[ ] Security Interest Group
We will be willing to provide the following personnel resources to participate in the Security Interest Group:
We have intellectual property rights related to the Security Interest Group, and will dispose of them as follows:
We will participate only under the following conditions:
Other items to be considered by the W3C Director: