- From: Hill, Brad <bhill@paypal-inc.com>
- Date: Thu, 26 Apr 2012 19:46:18 +0000
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E0A165F@DEN-EXDDA-S12.corp.ebay.com>
WebAppSec WG Members,
Please take a look at the agenda draft below and let your thoughts be known. This agenda sets out the mornings for work on the contents of our deliverables and the afternoons for working on the test suites.
Thanks,
Brad Hill
=======================
DRAFT WebAppSec F2F Agenda:
Day 1: Wednesday, May 2
9:00-9:45 Introductions, agenda tweaking
9:45-10:15 Last Call comments for CORS
10:15-10:45 CSP outstanding issues for 1.0
10:45-11:00 Break
11:00-12:30 CSP version.Next proposals
    Cut features:
        Late binding with DOM API or META tag
        Policy-URI
    New directives:
        See wiki.
12:30-13:30 Lunch
13:30-16:30 Live Test Jam - Day 1
    Introduction to W3C test harness and WebAppSec test VM
    HelloWorld test case
    Building a "negative" test case for CSP
    Individual or team work on converting submitted test suites
    Check in with questions and blocks at end of day
Day 2: Thursday, May 3
9:00-9:30 Agenda tweaking
9:30-12:30 Anti-Clickjacking
    9:30-9:45 Clickjacking threats overview (Uhley?)
    9:45-10:45 Client-side approaches to anti-clickjacking (Lin-Shung Huang?, Maone?) - TENTATIVE
    10:45-11:00 Break
    11:00-11:20 Server-side and hybrid approaches (Hill)
    11:20-11:30 New UI controls (Hill)
    11:30-12:30 Discussion, refinement and other proposals
12:30-13:30 Lunch
13:30-16:30 Live Test Jam - Day 2
    Check-in with answers to questions and blocks from Day 1
    Continue individual or team work on test case conversions
Received on Thursday, 26 April 2012 19:46:53 UTC