[19] [DFN[[[Web Application Security Working Group]]]] ([DFN[[[WebAppSec]]]])
は、 [[Web]] の[[セキュリティー]]関係の仕様を開発している [[W3C]] の [[WD]] です。

* 仕様

[17] [[WebAppSec]] は次の[[仕様]]を開発しています。
[FIG(short list)[
- [[CSP]]
- [[SRI]]
- [[Mixed Content]]
- [[Upgrade Insecure Requests]]
- [[Secure Contexts]]
- [[Referrer Policy]]
- [[Clear Site Data]]
- [[EPR]]
- [[COWL]]
- [[Permissions API]]
- [[Credential Management]]
- [[UI Security]]
- [[Reporting API]]
]FIG]

* 人物

[18] 多くの仕様は [[Mike West]] が開発しています。多くの仕様は [[Fetch]]
や [[HTML]] など [[WHATWG]] の仕様と深く関わっているため、 [[WHATWG]]
側で [[Anne van Kesteren]] がよく関与しています。

* 歴史

[1] [CITE@en-US[Web Application Security Working Group]]
( ([TIME[2010-07-22 00:55:55 +09:00]] 版))
<http://www.w3.org/2010/07/appsecwg-charter>

[2] [CITE@en[Web Application Security Working Group]]
( ([TIME[2011-09-08 08:57:55 +09:00]] 版))
<http://www.w3.org/2011/webappsec/>

[3] [CITE[Web Application Security Working Group]]
( ([TIME[2011-09-08 08:58:50 +09:00]] 版))
<http://www.w3.org/2011/08/appsecwg-charter.html>

[4] [CITE@en[WebAppSec re-charter status]]
([[Wendy Seltzer]] 著, [TIME[2015-02-04 21:16:47 +09:00]] 版)
<https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0066.html>

[5] [CITE[IRC logs: freenode / #whatwg / 20150310]]
([TIME[2015-03-11 11:49:49 +09:00]] 版)
<http://krijnhoetmer.nl/irc-logs/whatwg/20150310>

[6] [CITE@en[''''''[''''''webappsec'''''']'''''' rechartering complete!]]
([[Brad Hill]] 著, [TIME[2015-03-19 05:15:06 +09:00]] 版)
<https://lists.w3.org/Archives/Public/public-webappsec/2015Mar/0128.html>

[7] [CITE[Web Application Security Working Group]]
([TIME[2015-03-19 03:15:49 +09:00]] 版)
<http://www.w3.org/2015/03/webappsec-charter-2015.html>

[FIG(quote)[
[FIGCAPTION[
[8] [CITE@en[Joining WebAppSec]]
([[Nottingham, Mark]] 著, [TIME[2015-03-26 05:55:36 +09:00]] 版)
<https://lists.w3.org/Archives/Public/public-webappsec/2015Mar/0172.html>
]FIGCAPTION]

> Akamai has joined the WG, and we'll be sending a few people to participate, including me.

]FIG]


[9] [CITE@en[CFC: All publications in WebAppSec to use new W3C publication  process, was Re: CFC to push use new publishing process]]
([[Marcos Caceres]] 著, [TIME[2015-03-26 03:33:39 +09:00]] 版)
<https://lists.w3.org/Archives/Public/public-webappsec/2015Mar/0170.html>

[10] [CITE[Web Application Security Working Group]]
([TIME[2015-04-30 03:57:27 +09:00]] 版)
<http://www.w3.org/2015/03/webappsec-charter-2015.html>

[11] [CITE[IRC logs: freenode / #whatwg / 20150824]]
([TIME[2015-08-25 11:10:10 +09:00]] 版)
<http://krijnhoetmer.nl/irc-logs/whatwg/20150824>

[FIG(quote)[
[FIGCAPTION[
[12] [CITE[IRC logs: freenode / #whatwg / 20150831]]
([TIME[2015-09-01 11:54:18 +09:00]] 版)
<http://krijnhoetmer.nl/irc-logs/whatwg/20150831#l-258>
]FIGCAPTION]

> <mkwst> I only care about the W3C HTML spec insofar as I need to advance specs to REC due to patent idiocy.

]FIG]


[13] [CITE@en[Split the `w3c/webappsec` respository?]]
([[Mike West]] 著, [TIME[2015-09-08 17:33:40 +09:00]] 版)
<https://lists.w3.org/Archives/Public/public-webappsec/2015Sep/0039.html>

[14] [CITE@en[Re: Starting to create new repositories.]]
([[Mike West]] 著, [TIME[2015-10-02 03:12:08 +09:00]] 版)
<https://lists.w3.org/Archives/Public/public-webappsec/2015Oct/0002.html>

[15] [CITE[Table of Specifications]]
([TIME[2015-10-01 20:51:59 +09:00]] 版)
<https://w3c.github.io/webappsec/specs/>

[16] [CITE@en[Starting to create new repositories.]]
([[Mike West]] 著, [TIME[2015-09-30 21:27:58 +09:00]] 版)
<https://lists.w3.org/Archives/Public/public-webappsec/2015Sep/0239.html>

* メモ

[20] [[W3C]] の [[WG]] にしては珍しく、高品質な仕様書を順調に開発しています。

[21] [CITE@en[Web Application Security Working Group F2F -- 16 May 2016]]
( ([TIME[2016-05-18 00:38:05 +09:00]]))
<https://www.w3.org/2016/05/16-webappsec-minutes.html>

[22] [CITE@en[Web Application Security Working Group F2F -- 17 May 2016]]
( ([TIME[2016-05-18 09:49:47 +09:00]]))
<https://www.w3.org/2016/05/17-webappsec-minutes.html>

[23] [CITE@en[Rechartering WebAppSec -- call for input]]
([[Wendy Seltzer]]著, [TIME[2016-10-20 06:53:01 +09:00]])
<https://lists.w3.org/Archives/Public/public-webappsec/2016Oct/0036.html>

[24] [CITE@en[add an initial draft of Charter 2017]]
([[wseltzer]]著, [TIME[2016-11-30 08:25:55 +09:00]])
<https://github.com/w3c/webappsec/commit/321356f94ed7b7366ce641d75d16fece1541071e>

[25] [CITE@en[update 2017 charter draft]]
([[hillbrad]]著, [TIME[2016-12-15 04:02:13 +09:00]])
<https://github.com/w3c/webappsec/commit/25ced49c03bb17d8f976eb6c2ca54f00f3235f93>

[26] [CITE@en['''['''webappsec''']''' CfC: Draft charter for review, ends 21-Dec-2016]]
([[Brad Hill]]著, [TIME[2016-12-15 04:07:20 +09:00]])
<https://lists.w3.org/Archives/Public/public-webappsec/2016Dec/0004.html>

[27] [CITE@en[Fwd: Review for the WebAppSec WG Recharter -- update milestones]]
([[Wendy Seltzer]]著, [TIME[2017-02-08 07:13:13 +09:00]])
<https://lists.w3.org/Archives/Public/public-webappsec/2017Feb/0000.html>

[28] [CITE[DRAFT 2017 Web Application Security Working Group]]
([TIME[2017-02-09 13:56:42 +09:00]])
<https://rawgit.com/w3c/webappsec/master/admin/webappsec-charter-2017.html>

[29] [CITE@en[Fwd: Proposed W3C Charter: Web Application Security Working Group  (until 2017-03-20)]]
([[Wendy Seltzer]]著, [TIME[2017-02-22 02:20:16 +09:00]])
<https://lists.w3.org/Archives/Public/public-webappsec/2017Feb/0026.html>

[30] [CITE@en[Web Application Security Working Group Re-Charter Approved; Join the  WebAppSec WG (Call for Participation)]]
([[Xueyuan Jia]]著, [TIME[2017-03-27 17:10:47 +09:00]])
<https://lists.w3.org/Archives/Public/public-webappsec/2017Mar/0042.html>

[31] [CITE@en[Proposal: adopt a "test required" policy for spec changes]]
([[Daniel Veditz]]著, [TIME[2017-09-09 04:47:24 +09:00]])
<https://lists.w3.org/Archives/Public/public-webappsec/2017Sep/0000.html>

[32] [CITE@en[Mike West appointed co-Chair of the Web Application Security Working  Group]]
([[Xueyuan]]著, [TIME[2017-10-25 13:18:16 +09:00]])
<https://lists.w3.org/Archives/Public/public-webappsec/2017Oct/0012.html>

[33] [CITE@en[Create webappsec-charter-2019.html]]
([[mikewest]]著, [TIME[2018-10-12 22:54:50 +09:00]])
<https://github.com/w3c/webappsec/commit/ebcfca01af799477f74525ac3bc1c62ca6cc599e>

[34] [CITE@en[Add Feature Policy to deliverables]]
([[wseltzer]]著, [TIME[2018-12-20 01:41:56 +09:00]])
<https://github.com/w3c/webappsec/commit/c90f9c9fb7ea349b48d8158047b15c085d190b95>

[35] [CITE@en[Add Feature Policy to deliverables by wseltzer · Pull Request #539 · w3c/webappsec]]
([TIME[2019-05-31 14:56:34 +09:00]])
<https://github.com/w3c/webappsec/pull/539>

[36] [CITE@en[Update charter for 2019.]]
([[mikewest]]著, [TIME[2018-12-19 23:25:49 +09:00]])
<https://github.com/w3c/webappsec/commit/1eb9873ac2e86d2156fba100db92cb3dd96fa342>

[37] [CITE@en[Copy the 2017 charter to 2019 for easy diffing.]]
([[mikewest]]著, [TIME[2018-12-19 23:25:22 +09:00]])
<https://github.com/w3c/webappsec/commit/76d80eaa1d783e316311f97eb67501d0226d7483>

[38] [CITE@en[propose 2-year charter (#540)]]
([[wseltzer]]著, [TIME[2018-12-20 04:30:43 +09:00]])
<https://github.com/w3c/webappsec/commit/76e7cd9bc5eddac99c001f3f2ae4fa35adaa6bde>

[39] [CITE@en[propose 2-year charter by wseltzer · Pull Request #540 · w3c/webappsec]]
([TIME[2019-05-31 14:57:58 +09:00]])
<https://github.com/w3c/webappsec/pull/540>

[40] [CITE@en[update link to Feature Policy]]
([[wseltzer]]著, [TIME[2018-12-22 05:31:43 +09:00]])
<https://github.com/w3c/webappsec/commit/ff944f5f91cdd2643c9291065fcbfcdef516db5c>

[41] [CITE@en[update link to Feature Policy by wseltzer · Pull Request #541 · w3c/webappsec]]
([TIME[2019-05-31 14:59:11 +09:00]])
<https://github.com/w3c/webappsec/pull/541>