10-11 September 2014, Silicon Valley (Mountain View), California

The Web turns 25 in 2014. Find out how you can help shape the future Web. Send your birthday greetings for the Web with #web25.

Many projects and companies are now requiring high security Web applications with improved authentication, and the W3C is positioned to enable technologies ranging from simple multi-factor authentication to full-blown smartcard-based authentication available to Web applications. For an example of new relevant work, the Web Cryptography API will soon expose standardized cryptographic functionality to Web applications across all major browsers.

Before re-chartering Web Cryptography Working Group or any new Working Group, the W3C believes that consensus around a long-term strategy should be solidified, and so the W3C is holding a to determine what the web ecosystem needs to fully realize the potential of authentication on the Web in interoperating with other groups such as the FIDO Alliance and the Smartcard Alliance.

The aim of this workshop is to bring together those interested in discussing the integration of high-value authentication and hardware-based security in the Open Web Platform. This integration could make available to the Open Web Platform the current security capabilities of platforms via standards in this area.

Goals and Scope

The integration of hardware tokens for Web applications has been discussed in several Working Groups in W3C, such as the Web Cryptography Working Group, the SysApps Working Group, and in other workshops. Nevertheless there are different forms of secure tokens (from smartcards to secure micro-SD) and different services that could be brought by those trusted elements (storage, cryptographic operations, secure operations, authentication). Industry efforts in this area like the FIDO Alliance, which includes the use of mobile devices and biometric readers for authentication, have also been rapidly maturing and could intersect with the W3C in a number of mutually beneficially ways. The goal of this workshop is to outline a consensus for future deliverables and scope for the Web Cryptography Working Group charter or another Working Group charter and potentially list secure services to be developed on the Open Web Platform.

We invite you to and to attend this workshop to help shape the next steps for the Web Cryptography API.

Further steps

The Web Cryptography Working Group will be rechartering their Working Group after exiting the Candidate Recommendation phase, and this is expected to happen at some point this year. Thus, having a clear consensus on how the current API can be extended is vital to plan the next phase of the Working Group, or any new Working Groups that may be related. Various aspects of the technology needed for high-value authentication may also be well-suited for existing other Working Groups or new Working Groups.

Workshop topics

Possible topics include, but are not limited to the following:

Multi-factor authentication and Web applications

The use of smartcards and other hardware tokens (dongles, SIM cards) with the Web Cryptography API

Interactions of various identity systems with the Web Cryptography API and other Web APIs

National eID schemes and Web applications

Use-cases in high-value environments such as the financial industry and government

Improving authentication using the Web Cryptography API

Security analysis of APIs, including but not limited to the Web Cryptography API

Issues around safe and secure private key storage

Making APIs in this area developer-friendly

Who Should Attend