[webappsec] DRAFT agenda for F2F

WebAppSec WG Members,

Please take a look at the agenda draft below and let your thoughts be known.  This agenda sets out the mornings for work on the contents of our deliverables and the afternoons for working on the test suites.

Thanks,

Brad Hill

=======================

DRAFT WebAppSec F2F Agenda:

Day 1: Wednesday, May 2

9:00-9:45              Introductions, agenda tweaking
9:45-10:15           Last Call comments for CORS
10:15-10:45         CSP outstanding issues for 1.0
10:45-11:00         Break
11:00-12:30         CSP version.Next proposals
                Cut features:
                                Late binding with DOM API or META tag
                                Policy-URI
                New directives:
                                See wiki.
12:30-13:30         Lunch
13:30-16:30         Live Test Jam - Day 1

                Introduction to W3C test harness and WebAppSec test VM
                HelloWorld test case
                Building a "negative" test case for CSP
                Individual or team work on converting submitted test suites
                Check in with questions and blocks at end of day

Day 2: Thursday, May 3

9:00-9:30              Agenda tweaking
9:30-12:30           Anti-Clickjacking
                9:30-9:45             Clickjacking threats overview (Uhley?)
                9:45-10:45           Client-side approaches to anti-clickjacking (Lin-Shung Huang?, Maone?) - TENTATIVE
                10:45-11:00         Break
                11:00-11:20         Server-side and hybrid approaches (Hill)
                11:20-11:30         New UI controls (Hill)
                11:30-12:30         Discussion, refinement and other proposals
12:30-13:30         Lunch
13:30-16:30         Live Test Jam - Day 2

                Check-in with answers to questions and blocks from Day 1
                Continue individual or team work on test case conversions

Received on Thursday, 26 April 2012 19:46:53 UTC