Skip to content

Commit

Permalink
add doc policy; remove CSP:EE, SRI, Suborigins, Origin Policy
Browse files Browse the repository at this point in the history 
Hoping to resolve (most of) #595
  • Loading branch information
@samuelweiler
samuelweiler authored Jul 14, 2021
1 parent 137841b commit 1f764b6
Showing 1 changed file with 31 additions and 66 deletions.
97 changes: 31 additions & 66 deletions admin/webappsec-charter-2021.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -337,23 +337,6 @@ <h3>
<p><b>Exclusion Draft:</b> <a href="https://www.w3.org/TR/2016/WD-CSP3-20160126/">26 January 2016</a>
<p><b>Other Charter:</b> <a href="https://www.w3.org/2015/03/webappsec-charter-2015.html">2015 charter</a></p>
</dd>

<dt class="spec"><a href="https://www.w3.org/TR/csp-embedded-enforcement/">Content Security
Policy: Embedded Enforcement</a></dt>

<dd>
<p>A mechanism by which a web page can embed a
nested browsing context if and only if it agrees to
enforce a particular set of restrictions upon
itself.</p>

<p class="draft-status"><b>Draft
state:</b> <a href="https://www.w3.org/TR/csp-embedded-enforcement/">Working
Draft</a></p>

<p><b>Exclusion Draft:</b> <a href="https://www.w3.org/TR/2015/WD-csp-embedded-enforcement-20151215/">15 December 2015</a>
<p><b>Other Charter:</b> <a href="https://www.w3.org/2015/03/webappsec-charter-2015.html">2015 charter</a></p>
</dd>

<dt class="spec"><a href="http://www.w3.org/TR/mixed-content/">Mixed Content</a> </dt>

Expand Down Expand Up @@ -459,54 +442,6 @@ <h3>
<p><b>Other Charter:</b> <a href="https://www.w3.org/2015/03/webappsec-charter-2015.html">2015 charter</a></p>
</dd>

<dt class="spec"><a href="https://w3c.github.io/webappsec-subresource-integrity/">Subresource Integrity Level 2</a></dt>

<dd>
<p>A successor to the <a href="https://www.w3.org/TR/SRI/">Subresource Integrity</a>
Recommendation that:</p>

<ul>
<li>improves the ability to deploy and manage integrity taggging of assets for complex
applications, including but not limited to mechanisms such as policy, manifests and
public key signatures</li>

<li>explores the possibility of verifying entire packaged web applications units with a
goal of providing end-user assurance about the identity and integrity of the code they
are interacting with</li>
</ul>

<p class="draft-status"><b>Draft state:</b>
<a href="https://w3c.github.io/webappsec-subresource-integrity/">Editor's
Draft</a></p>


</dd>

<dt class="spec"><a href="https://w3c.github.io/webappsec-suborigins/">Suborigins</a></dt>

<dd>
<p>Mechanism to allow applications to place themselves into
namespaces within a traditional scheme/host/port RFC 6454 Origin label to enable easier
development of modular applications with privilege separation.</p>

<p class="draft-status"><b>Draft state:</b>
Unofficial <a href="https://w3c.github.io/webappsec-suborigins/">Editor's
Draft</a></p>
</dd>

<dt class="spec"><a href="https://wicg.github.io/origin-policy/">Origin Policy</a></dt>

<dd>
<p>A delivery mechanism for a number of policies which
are to be applied to an entire origin. It complements
header-based delivery mechanisms for existing policies
(Content Security Policy, Referrer Policy, etc).
to provide security policy statements that apply to an
entire origin.</p>

<p class="draft-status"><b>Draft state:</b> Adopted from WICG</a></p>
</dd>

<dt class="spec"><a href="https://www.w3.org/TR/permissions/">Permissions API</a></dt>

<dd>
Expand All @@ -531,6 +466,15 @@ <h3>
<p class="draft-status"><b>Draft state:</b> Adopted from WICG</p>
<p><b>Expected publication as a Candidate Recommendation:</b> No later than Q2 2022</p>
</dd>


<dt class="spec"><a href="https://wicg.github.io/document-policy/">Document Policy</a></dt>

<dd><p> A framework for designing configurable features as part of the web platform, and for allowing web developers to configure those features as part of their site deployment.
</p>
<p class="draft-status"><b>Draft state:</b> Adopted from WICG</p>
</dd>


</dl></dl>

Expand All @@ -545,6 +489,25 @@ <h3>
<dd><p>A description of Spectre-type attacks as well as mitigations, targeted at web developers.</p>
<p class="draft-status"><b>Draft state:</b> <a href="https://www.w3.org/TR/post-spectre-webdev/">Working Draft</a></p>
</dd>

<dt class="spec"><a href="https://www.w3.org/TR/csp-embedded-enforcement/">Content Security
Policy: Embedded Enforcement</a></dt>

<dd>
<p>A mechanism by which a web page can embed a
nested browsing context if and only if it agrees to
enforce a particular set of restrictions upon
itself.</p>
<p>Previously published as a Working Draft, CSP:EE will be repubished as a WG note, and work will continue in WICG.</p>

<p class="draft-status"><b>Draft
state:</b> <a href="https://www.w3.org/TR/csp-embedded-enforcement/">Working
Draft</a></p>

<p><b>Exclusion Draft:</b> <a href="https://www.w3.org/TR/2015/WD-csp-embedded-enforcement-20151215/">15 December 2015</a>
<p><b>Other Charter:</b> <a href="https://www.w3.org/2015/03/webappsec-charter-2015.html">2015 charter</a></p>
</dd>

</dl>
<p>
Other non-normative documents may be created such as:
Expand Down Expand Up @@ -970,7 +933,9 @@ <h3>
31 July 2023
</td>
<td>
<p>Added Trusted Types, Change Password URL, and Fetch Metadata.</p>
<p>Added Document Policy, Trusted Types, Change Password URL, and Fetch Metadata.</p>
<p>Removed SRI2, Suborigins, and Origin Policy, none of which were ever published as WG WDs.</p>
<p>Moving CSP:EE back to WICG. Publishing a last version (for now) as a WG Note.</p>
<p>Moved most specs to snapshot (evergreen) publication.</p>
<p>Updated scope text, reflecting a changing world. Allow WG to do WebCrypto maintenance.</p>
<p>Updated charter consistent with modern templates.</a>
Expand Down

0 comments on commit 1f764b6

Please sign in to comment.