As stated in its charter, the mission of the Web Application Security Working Group is to develop technical and policy mechanisms to improve the security of and enable secure cross-site communications for applications on the Web.
The group's primary work mode is via discussion on a public mailing list: public-webappsec@w3.org | Subscribe | List Archives
WebAppSec conducts a one-hour, members-only teleconference every two weeks. See the calendar of events for the most current dates, times, and dial-in details.
Participants in the teleconference are encouraged to also join the #webappsec channel during the call. Connect to irc.w3.org:6665 with your favorite IRC client or use the web interface.
Minutes for teleconferences and face-to-face meetings are archived here.
Please use the WG's GitHub repo or the GitHub issues link in each spec to manage spec text bugs and pull requests. (Technical issues and feature requests must go through the public mailing list first.)
Complete | ED | TR |
---|---|---|
Content Security Policy Level 1 | | NOTE: /TR/CSP1 |
Subresource Integrity | webappsec-subresource-integrity | REC: /TR/SRI/ |
Content Security Policy Level 2 | webappsec-csp | REC: /TR/CSP2 |
Stable | ED | TR |
Mixed Content | webappsec-mixed-content | CR: /TR/mixed-content/ |
Upgrade Insecure Requests | webappsec-upgrade-insecure-requests | WD: /TR/upgrade-insecure-requests/ |
Secure Contexts | webappsec-secure-contexts | CR: /TR/powerful-features/ |
Referrer Policy | webappsec-referrer-policy | CR: /TR/referrer-policy/ |
Stabilizing | ED | TR |
Credential Management Level 1 | webappsec-credential-management | WD: /TR/credential-management/ |
Permissions API | permissions | FPWD: /TR/permissions/ |
Content Security Policy Level 3 | webappsec-csp | WD: /TR/CSP |
Works in Progress | ED | TR |
Clear Site Data | webappsec-clear-site-data | FPWD: /TR/clear-site-data/ |
Confinement with Origin Web Labels | webappsec-cowl | FPWD: /TR/cowl/ |
CSP Pinning | webappsec-csp | FPWD: /TR/csp-pinning/ |
Entry Point Regulation | webappsec-epr | FPWD: /TR/epr/ |
The WebAppSec Working Group operates under a charter approved on 22 March 2017.
The W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent.
Daniel Veditz (Mozilla) and Mike West (Google)
Wendy Seltzer and Samuel Weiler
(W3C Member-Only) See DBWG and IPP for a list of WG participants.
Join the group.
Members and the public interested in this WG's work may also want to follow the W3C Web Security Interest Group and Web Authentication Working Group as well as the Websec Working Group at the IETF.