W3C Announces: Toward a More Secure Web Workshop

Gaps in practical security on the Web make all users easy targets for fraud. Despite broad availability of security technologies, the Web community (browser developers, Web site operators, users) lack agreement on how to help avoid the most basic types of fraud. For example, Web users often cannot tell whether a Web site is really what it claims to be. All users deserve Web security that is convenient to use, and easy to understand. The goal is to identify methods to make secure, trustworthy browsing easy.

The Call for Participation solicits position papers from Web security experts, software developers, browser manufacturers and their customers regarding usability and transparency of Web authentication. Position papers can be submitted by email until 25 January 2006.

The Workshop takes place in New York City, USA, on 15 and 16 March 2006, and is hosted by Citigroup.

In order to improve the security of the Web as people use it today, W3C is convening a diverse community of users and developers to consider leading security use cases and identify concrete actions to take. The Workshop is chaired by Daniel Schutzer (Citigroup), and Thomas Roessler (W3C). The Program Committee includes representation from America Online Inc (AOL), Apple Computer, Bar-Ilan University, Carnegie Mellon University, the Center for Democracy and Technology (CDT), Columbia University, Comodo, Financial Services Technology Consortium (FSTC), Graz University of Technology, Microsoft, Mozilla, Ruhr-Universität Bochum, (SIZ), Sun Microsystems, KDE project, New York University, Opera, and VeriSign.

This Workshop aims to concretely identify a range of issues faced by those who wish to use the Web as a secure environment for tasks ranging from basic browsing to the most specialized application. In particular, the participants will look at ways to help address the current threats on the Web that are caused by the present lack of comprehensible and transparent Web authentication. The Workshop is expected to focus on near-term improvements that can be realized in browsers and through best practices coordinated between browser vendors and e-commerce service providers. Experiences and use cases from the financial services industry are expected to inform the discussion.