Agenda for 2025-04-29 from Simone Onofri on 2025-04-29 (public-security@w3.org from April 2025)

From: Simone Onofri <simone@w3.org>
Date: Tue, 29 Apr 2025 11:08:21 +0200
To: public-security@w3.org
Message-Id: <174D9E57-4360-408A-B50B-E7EC4E64E599@w3.org>
Dear Security Fellows,

[late agenda, due to power outage]

* We are using Zoom for the meeting.
    * Please log in to see the [W3C SING Events Calendar](https://www.w3.org/groups/ig/security/calendar/) for dial-in details. 
    * Participation is restricted to [SING group participants](https://www.w3.org/groups/ig/security/participants/).
    * Minutes will be taken in [W3C Pad](https://pad.w3.org/p/SING_2025-04-29).
    * Join [W3C Community Slack](https://www.w3.org/wiki/Slack) and Join [#sing channel](https://w3ccommunity.slack.com/archives/C083DKWSAJX) over Slack


## Agenda

* Administrivia
  * Scribe volunteer(s)?
  * Reminders: 
     * [Interest Group Membership](https://www.w3.org/groups/ig/security/)
     * [W3C Code of Conduct](https://www.w3.org/policies/code-of-conduct/)
* Participants Introduction (2 minutes roundtable)
* Next meetings
  * 13 May 2025
  * 27 May 2025
* Security Reviews
    * Work in progress
      * [WebAuthn Spec](https://w3ccommunity.slack.com/archives/C08DXPX52RJ)
      * [FedCM Spec](https://w3ccommunity.slack.com/archives/C08E4DR6Q6Q)

  * Reviews that need volunteer(s):
     * [specs](https://github.com/w3c/security-request/issues?q=is%3Aissue+is%3Aopen+no%3Aassignee+)   
       * [Web Neural Network API](https://github.com/w3c/security-request/issues/85)
       * [Web App Scope Extensions](https://github.com/w3c/security-request/issues/83)
       * [WebRTC API](https://github.com/w3c/security-request/issues/80)
     * [charters](https://github.com/w3c/strategy/issues?q=is%3Aissue+is%3Aopen+label%3A%22Horizontal+review+requested%22++-label%3A%22Security+review+completed%22+-label%3ACouncil)
       * [[wg/media] Media Working Group Charter](https://github.com/w3c/strategy/issues/504)
       * [[wg/payments] Web Payments Working Group Charter](https://github.com/w3c/strategy/issues/501)

 * Group Deliverables:
    * Threat Model for the Web (volunteers?)
    * Threat Modeling Guide (we're starting with a breakout session)
    * [Cryptography usage in W3C Standards](https://github.com/w3c/securityig/issues/12)

* Threat Models/Security Topics
  * [CfC: Availability to review protocols for the Digital Credentials API](https://github.com/w3c/securityig/issues/11)
  * Adopt [W3C Security Disclosures Best Practices](https://w3c.github.io/security-disclosure/) as per this need https://github.com/w3c/strategy/issues/503#issuecomment-2824386796
 
* AOB
  * [Global Collaboration on Wallets and Digital Credentials, we'll have a Threat Modeling Session](https://lu.ma/gc25-w3c)
  * [ThreatModCon in Barcelona, always talking about Threats in Credentials](https://www.threatmodcon.com/agenda/threat-modeling-digital-credentials-what-could-go-wrong)

Thank you,

Simone
Received on Tuesday, 29 April 2025 09:08:54 UTC