W3C Security Update

by Rohit Khare

For many of our members, the most urgent W3C mission is to address ``the security problem.'' W3C has recognized this as its #1 challenge, and is making progress on several fronts.

W3C's stated goal is a release version of libWWW this year that will interoperate with SHTTP and SSL. This does not imply that W3C can only choose one protocol or the other; we are investigating several other proposals. W3C will also be working on the supporting security infrastructure, such as Web-enabled certificate formats. We'll have more details at our next Advisory Council meeting.

To that end, we're putting together a top-flight engineering team. In the beginning, Tony Eng, an MIT graduate student, coordinated much of W3C's security information. As of May, we have hired one permanent staff member, Rohit Khare, and a temporary consultant, Phill Hallam-Baker. We are looking forward to adding several more staff members within the next sixty days.

Finally, W3C needs your involement to direct this process. After the February 22 Working Group, we set up several mailing lists. Frankly, they haven't gotten much traffic, and we need your input on each of these topics: w3c-scenarios to comment on W3C Security Scenarios , w3c-payment to comment on W3C Payment Proposals, and w3c-securitycode to comment on W3C Security Code.