- From: Simone Onofri (W3C Calendar) <noreply+calendar@w3.org>
- Date: Mon, 27 Apr 2026 17:43:44 +0000
- To: Security Interest Group <public-security@w3.org>
- Message-ID: <7083e3d46d452bd0a54af1f04c7bbce2@w3.org>

[View this event in your browser](https://www.w3.org/events/meetings/6bd81029-7023-4e06-9a9f-86172ef351cb/20260428T160000/)

Security Interest Group Plenary Call
====================================
Upcoming, Confirmed

28 April 2026, 16:00-17:00 Europe/Madrid

Event is recurring every 14 days, starting from 15 April 2025, until 19 November 2026

[Security Interest Group](https://www.w3.org/groups/ig/security/calendar/)

Security Interest Group Plenary call for task assignments.

Agenda
------
[Agenda](https://github.com/w3c/securityig/tree/main/meetings)

- **Administrivia**
  - Scribe volunteer(s) or Zoom AI?
  - Reminders:
    - [Interest Group Membership](https://www.w3.org/groups/ig/security/)
    - [W3C Code of Conduct](https://www.w3.org/policies/code-of-conduct/)
- **Participants Introduction (2 minutes roundtable)**
- **Next meetings**
  - 12 May 2026
  - 26 May 2026
- **Security Topics**
  - **WebMCP: Threat Modeling Approach**
    - Issue: [webmachinelearning/webmcp#154](https://github.com/webmachinelearning/webmcp/issues/154)
    - Security and privacy considerations: [Security and Privacy Considerations for WebMCP](https://github.com/webmachinelearning/webmcp/blob/main/docs/security-privacy-considerations.md)
    - What are we working on: [Readme file](https://github.com/webmachinelearning/webmcp#background-and-motivation)

    We should discuss the approach for working with them: (a) filing issues, or (b) reverse-engineering the implicit threat model from the current security and privacy considerations. A possible outcome is a hybrid approach: file a small number of clear security issues if something arises, while recommending a compact threat-modeling note to guide the broader review.
- **Security Reviews**
  - **Devices and Sensors WG 2026 Charter review**
    - Issue: [w3c/strategy#530](https://github.com/w3c/strategy/issues/530)
    - Draft charter: [\[DRAFT\] Devices and Sensors Working Group Charter](https://w3c.github.io/charter-drafts/2026/das-wg-charter.html)
    - Background reading: [Peripheral Instinct: How External Devices Breach Browser Sandboxes](https://misc0110.net/web/files/peripheralinstinct_www25.pdf)

    The proposed Devices and Sensors WG charter should be reviewed with particular attention to APIs that expose device capabilities or persistent device state. The *Peripheral Instinct* paper has a useful analysis: low-level web access to peripherals can shift the trust boundary from a trusted host operating system to a potentially malicious web origin, with effects that may survive the browser session and cross the ordinary browser sandbox boundary. Should we require a threat model during chartering to understand if the residual threats are acceptable?
  - Reviews that need volunteer(s):
    - [specs](https://github.com/w3c/security-request/issues?q=is%3Aissue+is%3Aopen+no%3Aassignee+)
    - [charters](https://github.com/w3c/strategy/issues?q=is%3Aissue+is%3Aopen+label%3A%22Horizontal+review+requested%22++-label%3A%22Security+review+completed%22+-label%3ACouncil)
- **Community / coordination**
  - **Threat Modeling Sessions**: We have [DID and RDF](https://www.w3.org/groups/cg/tmcg/calendar/), maybe adding a session for us to work on WebMCP?

Joining Instructions
--------------------
Instructions are restricted to meeting participants. You need to [log in](https://auth.w3.org/?url=https%3A%2F%2Fwww.w3.org%2Fevents%2Fmeetings%2F6bd81029-7023-4e06-9a9f-86172ef351cb%2F%3FrecurrenceId%3D20260428T160000) to see them.
Participants
------------
### Organizers
- Tommaso Innocenti
- Denis Roio
- Patrick Schaller
### Groups
- [Security Interest Group](https://www.w3.org/groups/ig/security/) ([View Calendar](https://www.w3.org/groups/ig/security/calendar/))

Report feedback and issues on [GitHub](https://github.com/w3c/calendar "W3C Calendar GitHub repository").

Attachments
- text/calendar attachment: event.ics
Received on Monday, 27 April 2026 17:43:46 UTC