Web Standards Update

London Web Standards – 18 May 2015

 

Daniel Appelquist (@torgo)

Co-Chair, W3C Technical Architecture Group (@w3ctag)

TAG Update

New TAG members:

Yan Zhu (Yahoo!)

Hadley Beeman (UK Gov)

David Baron (Mozilla)

The TAG (circa April 2015)

The web needs to clean up its act on security & privacy

So what's happening?

US White House Proposal

BTW: White House seeks comment on proposal via GitHub

Security & Privacy Self-Review

Opportunistic Encryption

That “s” – and some of the web's other greatest mistakes

Discussion: “Is https everywhere harmful?”
discourse.specifiction.org/t/is-https-everywhere-harmful/

Permissions API

Finer-grained control over permissions-requesting APIs

A permissions anti-pattern

Ask permission for a purpose

Secure Contexts

  • Née “Privileged Contexts,” née “Powerful Features”
  • Joint work between TAG and Web Apps Security Group

https://w3c.github.io/webappsec/specs/powerfulfeatures/

What's a Powerful Feature?

  • The feature provides access to sensitive data
  • The feature provides access to sensor data on a user’s device 
  • The feature provides access to or information about other devices a user has access to
  • The feature exposes temporary or persistent identifiers
  • The feature introduces some state for an origin which persists across browsing sessions
  • The feature manipulates a user agent’s native UI in some way which could trick the user
  • The feature requests user permission 

…and the web is adding more and more of these, all the time!

One does not simply…

…encrypt the web.

Thanks!

Daniel Appelquist

@torgo @w3ctag @tefdigital

Blatant Plug

 

“Hack Day” Event

Part hack-a-thon; part developer conference

September 25-26 in Shoreditch

Currently accepting session proposals:

lanyrd.com/2015/ota15/

overtheair.org - @overtheair

SPONSORSHIP OPPORTUNITIES AVAILABLE!