TAG Update

23 September 2015

Daniel Appelquist (@torgo)

Independent Consultant & 

Co-Chair, Technical Architecture Group

http://w3.org/tag

What is the TAG?

Special group in W3C chartered to:

  • document and build consensus around principles of Web architecture and to interpret and clarify these principles when necessary;
  • resolve issues involving general Web architecture brought to the TAG;
  • help coordinate cross-technology architecture developments inside and outside W3C.

 

5 elected, 3 appointed, 1 chair (Tim), 1 staff contact (Yves)

The TAG

Tim Berners-Lee (W3C, Chair)
Daniel Appelquist (Invited Expert, Chair)
Yves Lafon (W3C, staff contact)
Travis Leithead (Microsoft)
Peter Linss (HP, Chair)

Mark Nottingham (Akamai)
Alex Russell (Google)
Yan Zhu (Yahoo!)
Hadley Beeman (W3C Invited Expert)

David Baron (Mozilla, not shown)

Current work of the TAG

  • Pondering deep questions about the web
  • Writing stuff: findings and other output
  • Spec reviews
  • Joint work with other groups
  • Play a role in cross-organization liaisons
  • Community engagement

Spec Reviews

The TAG's “Heartbeat”

WebRTC IP Address Leakage

https://github.com/w3ctag/spec-reviews/issues/14

Finding: Securing the Web

  • Moving the Web to https
  • Motivations thereof
  • Coordinating with the web community

https://www.w3.org/2001/tag/doc/web-https

Finding: End-to-End Encryption

  • A follow-up to “securing the web”
  • Adding our voice to advocates of e2e encryption
  • Wading slightly into policy territory – intentionally and (we think) appropriately

https://www.w3.org/2001/tag/doc/encryption-finding/

Finding: Unsanctioned Web Tracking

  • Explicitly calling out inappropriate use of web technology for tracking purposes as harmful and against web architecture

https://www.w3.org/2001/tag/doc/unsanctioned-tracking/

Advocate Our Position

Joint work: Secure Contexts

  • Née “Privileged Contexts,” née “Powerful Features”
  • Joint work with the Web Application Security Group

https://w3c.github.io/webappsec/specs/powerfulfeatures/

What's a Powerful Feature?

  • The feature provides access to sensitive data
  • The feature provides access to sensor data on a user’s device 
  • The feature provides access to or information about other devices a user has access to
  • The feature exposes temporary or persistent identifiers
  • The feature introduces some state for an origin which persists across browsing sessions
  • The feature manipulates a user agent’s native UI in some way which could trick the user
  • The feature requests user permission 

…and the web is adding more and more of these, all the time.

Joint Work: Security & Privacy Self-Review

Ongoing Work: That “s”…

We're on github: https://github.com/w3ctag

Follow @w3ctag on Twitter

TAG Update for GSMA WWG

By Daniel Appelquist

TAG Update for GSMA WWG

TAG Update for September 2015 GSMA WWG Meeting

  • 2,449