- From: Hill, Brad <bhill@paypal-inc.com>
- Date: Thu, 26 Apr 2012 19:46:18 +0000
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E0A165F@DEN-EXDDA-S12.corp.ebay.com>
WebAppSec WG Members, Please take a look at the agenda draft below and let your thoughts be known. This agenda sets out the mornings for work on the contents of our deliverables and the afternoons for working on the test suites. Thanks, Brad Hill ======================= DRAFT WebAppSec F2F Agenda: Day 1: Wednesday, May 2 9:00-9:45 Introductions, agenda tweaking 9:45-10:15 Last Call comments for CORS 10:15-10:45 CSP outstanding issues for 1.0 10:45-11:00 Break 11:00-12:30 CSP version.Next proposals Cut features: Late binding with DOM API or META tag Policy-URI New directives: See wiki. 12:30-13:30 Lunch 13:30-16:30 Live Test Jam - Day 1 Introduction to W3C test harness and WebAppSec test VM HelloWorld test case Building a "negative" test case for CSP Individual or team work on converting submitted test suites Check in with questions and blocks at end of day Day 2: Thursday, May 3 9:00-9:30 Agenda tweaking 9:30-12:30 Anti-Clickjacking 9:30-9:45 Clickjacking threats overview (Uhley?) 9:45-10:45 Client-side approaches to anti-clickjacking (Lin-Shung Huang?, Maone?) - TENTATIVE 10:45-11:00 Break 11:00-11:20 Server-side and hybrid approaches (Hill) 11:20-11:30 New UI controls (Hill) 11:30-12:30 Discussion, refinement and other proposals 12:30-13:30 Lunch 13:30-16:30 Live Test Jam - Day 2 Check-in with answers to questions and blocks from Day 1 Continue individual or team work on test case conversions
Received on Thursday, 26 April 2012 19:46:53 UTC