
[webappsec] Proposed agenda for next week's F2F

From: Hill, Brad <bhill@paypal-inc.com>
Date: Fri, 19 Apr 2013 23:53:09 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E279D1D0B@DEN-EXDDA-S12.corp.ebay.com>

This agenda is still rough, and Friday is quite fluid, so I'd encourage feedback. I would like to take a chunk of Friday, perhaps the entire afternoon, to do test work on CSP, since I expect people to filter towards the airport and home a few at a time, but would like to hear the level of interest in doing so.

Mike West will only be able to attend remotely on Thursday, so I'm front-loading the agenda with CSP items that morning, before it gets too late in Berlin.  We have one joint meeting proposed, with WebApps on Thursday.

I think we'll also cancel Tuesday's call and just move all business to the F2F for this week.

-Brad Hill


Day 1: Thursday, 25 April:

9:00 - 9:30 Setup and introductions
9:30 - 9:45 Agenda bashing
9:45 - 11:00 CSP - Status and outstanding issues
	ISSUE-15, 33 srcdoc, blob:, filesystem, other inline sources refinement - relevant to hash src discussion?
	CSP and 'picture'
	Restricting base URLs
	Report uri media type and anonymous fetch
	Base url restriction
	Nonce/hash in source expression
	Response code in reports
11:00 - 11:30 Break
11:30 - 12:30 CSP - 
	Remaining proposed new directives
		json-src, sink
	meta tag refinement
	ISSUE-37 plugin-types and iframes
	ISSUE-30 dynamic application of policies on partial load or post-onLoad?
	ISSUE-34,35 httpOnly directive to exclude access via script interfaces?
12:30 - 13:30 Lunch
14:30 - 15:00 Joint meeting with WebApps to discuss Web Components security model
15:00 - 15:30 Break
15:30 - 16:00 Admin: Charter updates, Will we meet in Shenzhen China for TPAC on Nov 18-22?
16:00 - 16:45 End of CfC on UI Security to WD.  Build next steps and work items for UI Security.

Day 2: Friday, 26 April

CORS bugs, plans to move to PR.
Text bashing on hash source as it relates to the HTML5 parsing model for inline script, css, and external resources?
Discussion on non-normative web security model document with David Rogers?
Test jam for CSP.
Received on Friday, 19 April 2013 23:53:38 UTC
