Skip to content

Web Security Model: mapping collaboratively the security baseline of the Web Platform #94

Description

@simoneonofri

Logistics

Facilitator(s)

@simoneonofri (W3C) @BDADAD-stack (FBK)

Summary

At W3C, we are working on the Threat Model for the Web. Last year, in breakout session #53, we started from a very basic but important question: “What are we working on?”. The answer was not obvious, because before modeling threats to the Web, we first need to understand what “the Web” is, at least from a security point of view.

This session is a follow-up to that discussion.

The goal is to collaboratively map the Web Security Model: the main components, assumptions, trust boundaries, and security responsibilities that Web specifications usually rely on when a new Web API is designed.

The point is to identify a baseline model (the highest part of the current diagram we have in the Threat Model for the Web) that can be reused by specification authors and reviewers when they need to reason about security by design.

In particular, I would like to discuss elements such as Web content, origins, user agents, browser UI, permission and mediation mechanisms. For each of these, we should try to understand what security properties are provided by the Web Platform, what remains API-specific, and where residual risks usually appear.

The expected outputs is a set of shared notes, and possibly one or more diagrams, that will be used to update the Threat Model for the Web.

Then, this work should help us create a boilerplate security model for designing Web APIs in a secure-by-design way. This may also inform future updates to the W3C Security and Privacy Questionnaire, so that new specifications can start from a common Web security baseline before analyzing their own feature-specific threats.

Type

Onsite

Other comments

This is intended as a working session, not just as a presentation.

A possible structure could be:

  1. Short recap of breakout session Web Platform: What are we working on? #53 and of the current Threat Model for the Web work.
  2. Presentation of a seed Web Security Model / DFD (top part of the current TMW).
  3. Collaborative mapping of components, flows, assumptions, and trust boundaries.
  4. Discussion on how this can become a reusable boilerplate for Web API security-by-design.
  5. Collection of follow-up actions for the Threat Model for the Web and, possibly, the Security and Privacy Questionnaire.

I would be happy to facilitate it on-site if travel and logistics allow it.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions