W3C Launches Secure Browsing Initiative

Recognizing the challenges people face when browsing the Web, W3C today launched an initiative to build a foundation for a more secure Web. The new Web Security Context Working Group will propose standards that will enable browsers to do a much better job helping people make proper trust decisions.

“When I'm browsing the Web, I want my browser to help me understand who really is the owner of a Web page,” said Tim Berners-Lee, W3C Director. “There is much deployed and proven security technology, but we now need to connect it all the way through to the Web user. A Web browser acts on my behalf as I surf the Web, and I need more help from it to avoid being spoofed.”

The group's mission is threefold: to build consensus around what information people need from browsers in order to understand their “security context,” to find innovative ways to present this information and raise awareness, and to suggest ways to make browsers less susceptible to spoofing of user interfaces that are used to convey critical security information to end users.

Successful Security Workshop Culminates in Focus on Security Context

W3C chartered this new work after a successful Workshop on Usability and Transparency of Web Authentication in March 2006 (see press release). That Workshop paired Google, HP, IBM, KDE, Microsoft, Mozilla, Nokia, Opera, Sun Microsystems, VeriSign, Yahoo! and many other organizations with leaders of the online finance community to learn about real world threats.

The Workshop demonstrated that there is significant interest in the areas of secure interfaces and the data required from content providers to enable those interfaces. W3C therefore anticipates strong participation by browser vendors, security experts, research institutes, financial institutions, and end users in the new group. The group will also coordinate with other organizations that have expertise in this area, including the IETF, OASIS, and Liberty Alliance.

The charter of the Web Security Context Working Group is the result of public discussion and review. Per the charter, the group will continue to conduct its technical work in public and will operate under the W3C Royalty-Free Patent Policy. Mary Ellen Zurko of IBM serves as Chair of the Web Security Context Working Group. The group is part of W3C's Security Activity, led by Thomas Roessler.