W3C Security Workshop - Opportunity

Could be a great place for someone wearing a Project SAFE hat (and T-shirt ;-)) to present a paper.

http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/Overview.html

W3C Workshop on Authentication, Hardware Tokens and Beyond

Many projects and companies are now requiring high security Web applications with improved authentication, and the W3C is positioned to enable technologies ranging from simple multi-factor authentication to full-blown smartcard-based authentication available to Web applications. For an example of new relevant work, the Web Cryptography API will soon expose standardized cryptographic functionality to Web applications across all major browsers.

Before re-chartering Web Cryptography Working Group or any new Working Group, the W3C believes that consensus around a long-term strategy should be solidified, and so the W3C is holding a workshop to determine what the web ecosystem needs to fully realize the potential of authentication on the Web in interoperating with other groups such as the FIDO Alliance and the Smartcard Alliance.

The aim of this workshop is to bring together those interested in discussing the integration of high-value authentication and hardware-based security in the Open Web Platform. This integration could make available to the Open Web Platform the current security capabilities of platforms via standards in this area.

Goals and Scope

The integration of hardware tokens for Web applications has been discussed in several Working Groups in W3C, such as the Web Cryptography Working Group, the SysApps Working Group, and in other workshops. Nevertheless there are different forms of secure tokens (from smartcards to secure micro-SD) and different services that could be brought by those trusted elements (storage, cryptographic operations, secure operations, authentication). Industry efforts in this area like the FIDO Alliance, which includes the use of mobile devices and biometric readers for authentication, have also been rapidly maturing and could intersect with the W3C in a number of mutually beneficially ways. The goal of this workshop is to outline a consensus for future deliverables and scope for the Web Cryptography Working Group charter or another Working Group charter and potentially list secure services to be developed on the Open Web Platform.

We invite you to submit a paper and to attend this workshop to help shape the next steps for the Web Cryptography API.

Good find Mark!

My own personal experience with W3, having met one of their representatives in Paris last month, is that they are highly sceptical and dismissive of anyone else under taking the task of improving the privacy and security of existing web services. It is possible/likely that this may be down to the individual involved, or the fact the W3 has tried and failed to implement such a project on their own?

We have found within the wider IT community a healthy dose of ‘not invented here’ syndrome. A disease where projects that are tackling the same problems with a shared vision seem to be unwilling to work together, or to implement others libraries on the basis that they can do it better. I’m now of the view that the best way to answer these issues is to not necessarily to get involved in lengthy and time consuming debates, rather to ship a platform/product and then debate on how well it does or doesn’t work. I’m not suggesting that debate is not healthy, far from it, peer review is one of the most important aspects of a community. But there is a point where the talking has to stop and the design and code speaks for itself.

I agree that it would be great to engage with W3C Mark, but believe the best time to do this is after beta 1. Just my personal opinion though .

Fair enough @NickLambert. You are going to be one busy fella at launch!

I’m thinking about doing a talk at the Nottingham Hackerspace. It’ll be a general audience, so am also not sure if I should wait til launch so I can spark interest and sign of with a download link. PM me if you have any thoughts.

EDIT: whoa: WikiLeaks just followed me on twitter. What shall I tweet man!?

How about “Free Assange!” I’ll PM you now.

Observed the same…a lot of tunnel vision and must have been disheartening at times for you guys.

Maidsafe, really are the underdog in this space…and I think we love that feeling when the underdog comes from nowhere and wins