Web Application Security Working Group - IPR

Licensing Commitments

Participants in this group have made certain licensing commitments by joining the group. In addition to these Participants, non-participating W3C Member may have made licensing commitments.

W3C Members not participating in this group who wish to make the same licensing commitments for specifications developed by this group may do so through a Join form for licensing commitments from non-participating Members.

Other parties making a substantive contribution to the work of the group need to make a Royalty-Free patent commitment, as described in section 6.2.6 of the Process. Team contacts will provide instructions for recording the non-participant licensing commitment before the contribution can be accepted.

Participation

W3C Member Organizations
  • 360
  • Adobe
  • Akamai Technologies
  • Apple Inc.
  • Autodesk
  • Brave Software Inc.
  • ByteDance
  • CANTON CONSULTING
  • Centre for Inclusive Design
  • Cloudflare
  • Consensys
  • Defense Information Systems Agency
  • Digital Bazaar
  • Entersekt
  • Google LLC
  • HM Government
  • Igalia
  • mesur.io
  • Meta
  • Microsoft Corporation
  • Ministry of Digital Affairs, Taiwan
  • MITRE Corporation
  • Mozilla Foundation
  • Okta
  • Proton AG
  • Rakuten Group, Inc.
  • Salesforce
  • Shopify
  • Skynet Technologies
  • Yahoo Holdings Inc.

Note: Log in to see links to organizations if you have member access

Invited Experts
  • Giorgio Maone
  • Rob van Eijk
Team members
  • Philippe Le Hegaret
  • Simone Onofri

See also the list of individuals participating in this group.

The Call for Participation for this group was announced on 2022-06-09; see the Patent Policy FAQ for information about continued participation before re-joining the group.

Specifications published by the Group

The following is the list of specifications produced by the Web Application Security Working Group that have associated disclosures obligations, and possible licensing obligations under the W3C Patent Policy.

Document under the W3C Patent Policy Patent Disclosure Patent Exclusion
Content Security Policy Level 2 disclose exclude
User Interface Security and the Visibility API disclose exclude
Cross-Origin Resource Sharing disclose exclude
Subresource Integrity disclose exclude
Mixed Content disclose exclude
Referrer Policy disclose exclude
Secure Contexts disclose exclude
Upgrade Insecure Requests disclose exclude
Permissions disclose exclude
Credential Management Level 1 disclose exclude
Clear Site Data disclose exclude
Confinement with Origin Web Labels disclose exclude
Content Security Policy: Embedded Enforcement disclose exclude
Content Security Policy Level 3 disclose exclude
Permissions Policy disclose exclude
Fetch Metadata Request Headers disclose exclude
Trusted Types disclose exclude
A Well-Known URL for Changing Passwords disclose exclude
Document not/no longer under the W3C Patent Policy Patent Disclosure Patent Exclusion
Content Security Policy 1.0 disclose Exclusion is not possible (document not under PP)
Content Security Policy Pinning disclose Exclusion is not possible (document not under PP)
Entry Point Regulation disclose Exclusion is not possible (document not under PP)
Content Security Policy: Cookie Controls disclose Exclusion is not possible (document not under PP)
Post-Spectre Web Development disclose Exclusion is not possible (document not under PP)

Patent Disclosures and Claim Exclusions

This section summarizes patent disclosures by participants in W3C's Web Application Security Working Group as required by section 6 of the W3C Patent Policy.

W3C takes no position regarding either:

  • the validity or scope of any intellectual property right or other rights that might be claimed to pertain to the implementation or use of the technology, or
  • the extent to which any license under such rights might or might not be available from those not participating in this group.

Where disclosure is required by a W3C Member, the AC Representative makes the disclosure.

Anyone else may also make a disclosure.

Known Disclosures

No patent disclosures have been made for any specifications of this group.

How to Make a Patent Disclosure

W3C Members and Invited Experts (including those not participating in this group) wishing to disclose a patent for any specification produced by the Web Application Security Working Group should use the Web Application Security Working Group patent disclosure form.

Disclosures from the general public should be sent to the W3C Staff.

For specifications developed under the W3C Patent Policy, parties that commit to the W3C Royalty-Free Licensing Terms are not required to disclose patents. Any party (not just the Working Group Participants) may commit to the W3C Royalty-Free Licensing Terms and may do so by following the instructions in the next section.

Claim Exclusions

Only Web Application Security Working Group participants may exclude patent claims concerning specifications developed under the W3C Patent Policy, per section 4 of the W3C Patent Policy. To make an exclusion, participants should use the Web Application Security Working Group patent claim exclusion form, but only after first disclosing the patent.

Exclusion Opportunities

The Patent Policy FAQ provides detailed information about exclusion opportunities, that is, when a Working Group Participant can exclude a patent claim.

Each exclusion opportunity has a duration. See section 4.1 of the W3C Patent Policy for information on how the exclusion deadline is calculated.

At each exclusion opportunity, Participants may exclude patent claims with respect to a body of text. The Exclusion Draft is the reference body of text for the current exclusion opportunity.

Note: At each new exclusion opportunity (e.g., in the case of a second Candidate Recommendation Snapshot), exclusions are only with respect to differences since the previous reference body of text. These differences may be less than an entire document, and the summary below does not address that granularity. Also, in some edge cases (discussed in the FAQ), Participants, depending on when they joined the Working Group, will have different Exclusion Drafts; the summary below does not reflect this case.

Exclusion Opportunities

No current exclusion opportunities.

View previous exclusion opportunities

Trusted Types
Call for exclusion started on 2022-09-27, opportunity until 2023-02-24
A Well-Known URL for Changing Passwords
Call for exclusion started on 2022-09-27, opportunity until 2023-02-24
Fetch Metadata Request Headers
Call for exclusion started on 2019-06-27, opportunity until 2019-11-24
Feature Policy
Call for exclusion started on 2019-04-16, opportunity until 2019-09-13
Referrer Policy
Call for exclusion started on 2017-01-27, opportunity until 2017-03-28
Secure Contexts
Call for exclusion started on 2016-09-16, opportunity until 2016-11-15
Mixed Content
Call for exclusion started on 2016-08-02, opportunity until 2016-10-01
Content Security Policy Level 3
Call for exclusion started on 2016-01-26, opportunity until 2016-06-24
Content Security Policy: Cookie Controls
Call for exclusion started on 2015-12-15, opportunity until 2016-05-13
Content Security Policy: Embedded Enforcement
Call for exclusion started on 2015-12-15, opportunity until 2016-05-13
Confinement with Origin Web Labels
Call for exclusion started on 2015-10-15, opportunity until 2016-03-13
Subresource Integrity
Call for exclusion started on 2015-11-12, opportunity until 2016-01-11
Clear Site Data
Call for exclusion started on 2015-08-05, opportunity until 2016-01-02
Upgrade Insecure Requests
Call for exclusion started on 2015-10-09, opportunity until 2015-12-08
Mixed Content
Call for exclusion started on 2015-10-09, opportunity until 2015-12-08
Entry Point Regulation
Call for exclusion started on 2015-06-09, opportunity until 2015-11-06
Credential Management Level 1
Call for exclusion started on 2015-04-30, opportunity until 2015-09-27
Content Security Policy Level 2
Call for exclusion started on 2015-07-22, opportunity until 2015-09-20
The Permissions API
Call for exclusion started on 2015-04-09, opportunity until 2015-09-06
Content Security Policy Pinning
Call for exclusion started on 2015-02-26, opportunity until 2015-07-26
Upgrade Insecure Requests
Call for exclusion started on 2015-02-26, opportunity until 2015-07-26
Mixed Content
Call for exclusion started on 2015-03-26, opportunity until 2015-05-25
Requirements for Powerful Features
Call for exclusion started on 2014-12-04, opportunity until 2015-05-03
Content Security Policy Level 2
Call for exclusion started on 2015-02-19, opportunity until 2015-04-20
Mixed Content
Call for exclusion started on 2014-11-13, opportunity until 2015-01-12
Referrer Policy
Call for exclusion started on 2014-08-07, opportunity until 2015-01-04
Mixed Content
Call for exclusion started on 2014-07-22, opportunity until 2014-12-19
Content Security Policy Level 2
Call for exclusion started on 2014-07-07, opportunity until 2014-09-05
Subresource Integrity
Call for exclusion started on 2014-03-18, opportunity until 2014-08-15
User Interface Security Directives for Content Security Policy
Call for exclusion started on 2014-03-18, opportunity until 2014-05-17
Content Security Policy 1.1
Call for exclusion started on 2012-12-13, opportunity until 2013-05-12
User Interface Safety Directives for Content Security Policy
Call for exclusion started on 2012-11-20, opportunity until 2013-04-19
Content Security Policy 1.0
Call for exclusion started on 2012-07-10, opportunity until 2012-09-08
Content Security Policy
Call for exclusion started on 2011-12-01, opportunity until 2012-04-29

Additional Licensing Information

As described in section 5 of the W3C Patent Policy:

All Working Group participants are encouraged to provide a contact from which licensing information can be obtained and other relevant licensing information. Any such information will be made publicly available along with the patent disclosures for the Working Group in question.

Patent holders may:

  1. Provide additional licensing information for documents produced by this Working Group
  2. Provide the same additional licensing information for all documents with associated licensing obligations produced by this Working Group, or
  3. Provide additional licensing information for any W3C document with associated licensing obligations produced by any W3C Working Group under the W3C Patent Policy.

Such licensing information should be sent to the W3C Staff.

Please recall that, per section 5 of the W3C Patent Policy, a W3C Royalty-Free license:

may not impose any further conditions or restrictions on the use of any technology, intellectual property rights, or other restrictions on behavior of the licensee, but may include reasonable, customary terms relating to operation or maintenance of the license relationship such as the following: choice of law and dispute resolution.