Draft schedule

WebAppSec WG members:  Below find a draft schedule for the WG's first F2F at TPAC 2011, next week in Santa Clara, CA.
We'll get this on the website as soon as I get some tooling issues worked through.

Please send additions, corrections and suggestions to this list.

Thank you,

Brad Hill
WebAppSec WG co-chair

Potential Topics
Testing
Joint Meetings with other WGs
WebApps and Fonts on CORS and From-Origin
CORS and UMP
Proposed sandbox directive in CSP: WHATWG has dropped text/html-sandboxed
Use case development for secure cross-origin framing
Agenda Monday, October 31
09:00 - 09:30 Introductions, charter reading
09:30 - 10:00 Tweak agenda à la an unconference style meeting
10:00 - 11:00 Status and Plans for CORS/UMP (ahead of joint meeting @ 11)
11:00 - 12:00 Joint meeting with WebFonts, WebAppSec and CSS WGs regarding CORS and From-Origin specs
12:00 - 13:00 Lunch
13:00 - 13:30 WebAppSec's Work Mode; tooling review, suggestions on process or tooling preferences
13:30 - 15:00 Spec status and plans; documenting expectations
* Announcement of Editors, Status and Plans for CSP
15:00 - 15:15 Break
15:15 - 16:00 Charter review, adjusting deliverable timelines
16:00 - 16:30 Report on IETF activity in WebSec WG (Peter Saint-Andre)
16:30 - 18:00

Agenda Tuesday, November 1
09:00 - 09:15 Tweak agenda à la an unconference style meeting
09:15 - 10:15 Use case / requirements development for Secure Cross-Origin Framing
10:00 - 11:00 Straw man proposals (if any) for Secure Cross-Origin Framing
11:00 - 12:00 Discussion with Federated Social Web XG on Crypto APIs
12:00 - 13:00 Lunch
13:00 - 15:00 CSP Issues
* Enter existing minor issues from Brandon Sterne, =JeffH into WG tracker
* Sandbox directive
* Workers
* XSLT
* SVG
* Handling plugin content with no origin
* Policy intersection algorithm
* Behavior for user-saved content, local app-caches, etc.
* frame-src and frame navigation
* Reporting
15:00 - 15:15 Break
15:00 - 16:00 Continue CSP discussion as needed
16:00 - 17:00