
[webappsec] Agenda for 25-March-2013 Teleconference

From: Hill, Brad <bhill@paypal-inc.com>
Date: Mon, 25 Mar 2013 22:14:21 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E27972706@DEN-EXDDA-S12.corp.ebay.com>

Non-USA members, please note that Daylight Savings Time has started in the USA, so the UTC offset is one hour earlier than usual.


DATE: 25-March-2013

TIME: 21:00-22:00 UTC (14:00-15:00 PST)



+1.617.761.6200; PIN 92794 ('WASWG') and  #webappsec on irc.w3.org:6665

(Or VoIP via the Zakim SIP bridge: http://www.w3.org/2006/tools/wiki/Zakim-SIP)



Agenda

==================



Scribe Selection

----------------------

Adam Barth

Jeff Hodges

David Huang

Gopal Raghavan

Eric Rescorla

Jacob Rossi <--

Peleus Uhley

Dan Veditz

Ryan Ware

Jim O'Leary

Adam Bresee

Ian Melven

Tanvi Vyas



Minutes approval

-----------------------

26-Feb-2013



Agenda bashing

--------------------



News

--------

  New team contact: Wendy Seltzer

  Re-chartering update

  Please register for April F2F: http://lists.w3.org/Archives/Public/public-webappsec/2013Mar/0039.html

  Web Components: Joint work with WebApps on security model: http://lists.w3.org/Archives/Public/public-webapps/2013JanMar/0762.html

  IETF-86 recap



Open / Pending Review Actions

-----------------------------------------

Brad Hill      https://www.w3.org/2011/webappsec/track/users/47563

Dan Veditz   https://www.w3.org/2011/webappsec/track/users/41156

Mike West   https://www.w3.org/2011/webappsec/track/users/56384

(Adam Barth sends regrets for this week's call)



Spec work

--------------

UI Security: keep 'top-only'? : http://lists.w3.org/Archives/Public/public-webappsec/2013Mar/0072.html

UI Security: Call for Consensus on publishing new WD



CORS:  2xx status codes: http://lists.w3.org/Archives/Public/public-webappsec/2013Mar/0000.html



CSP: clarifications

  Canonical paths: http://lists.w3.org/Archives/Public/public-webappsec/2013Mar/0019.html

  Need to be explicit on no-sniff for css and style-src? http://lists.w3.org/Archives/Public/public-webappsec/2013Mar/0004.html



CSP: uncontroversial?

  no-mixed-content: http://lists.w3.org/Archives/Public/public-webappsec/2013Mar/0049.html

  form-action: http://lists.w3.org/Archives/Public/public-webappsec/2013Mar/0091.html



CSP: issues with current spec

  Risks of Cross-Origin JSON POST? http://lists.w3.org/Archives/Public/public-webappsec/2013Mar/0084.html



CSP: new proposals

   Restricting base-uri http://lists.w3.org/Archives/Public/public-webappsec/2013Mar/0095.html

   HTTP response code in reports: http://lists.w3.org/Archives/Public/public-webappsec/2013Mar/0086.html

   nonce/hash as source expressions: http://lists.w3.org/Archives/Public/public-webappsec/2013Mar/0078.html

   jsonp-src, jsonp-sink: http://lists.w3.org/Archives/Public/public-webappsec/2013Mar/0011.html



CSP: implementation internals

  Blocked loading: 400 or network error? http://lists.w3.org/Archives/Public/public-webappsec/2013Mar/0051.html

  SecurityPolicyViolation DOM event source: http://lists.w3.org/Archives/Public/public-webappsec/2013Mar/0093.html

Received on Monday, 25 March 2013 22:14:55 UTC
