The year 2011 has been quite exciting from a Web security point of
view: a number of high-profile security incidents have received a lot
of press attention, and new initiatives, such as the National
Strategy for Trusted Identities in Cyberspace (NSTIC), have been
launched to improve the Web identity ecosystem. The NSTIC strategy
paper, for example, observes problems with Internet security due to
the widespread usage of low-entropy passwords and the lack of widely
deployed authentication and attribute assurance services.
With this memorandum we try to develop a shared vision for how to
deal with the most pressing Web security problems.