Web Application Security Minus Authentication and Transport

Web HTTP Application Security Minus Authentication and Transport

With the arrival of new attacks the introduction of new web security indicators, security techniques, and policy communication mechanisms have sprinkled throughout the various layers of the Web and HTTP.

The work will be with the Web application and Web security communities. The scope is HTTP applications security, but does not include HTTP authentication, nor internals of transport security which are addressed by other working groups (although it may make reference to transport security as an available security "primitive").

Additionally, the WG will standardize a small number of selected specifications that have proven to improve security of Internet Web applications.

To contact the list owners, use the following email address:


IETF Mailarchive

Subscription / Unsubscription

To subscribe or unsubscribe from this list, please sign in first. If you have not previously signed in, you may need to set up an account with the appropriate email address.

Sign In

You can also subscribe without creating an account. If you wish to do so, please use the form below.