- From: Hill, Brad <bhill@paypal-inc.com>
- Date: Fri, 19 Apr 2013 23:53:09 +0000
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
This agenda is still rough, and Friday is quite fluid, so I'd encourage feedback.

I would like to take a chunk of Friday, perhaps the entire afternoon to do test work on CSP since I expect people to filter towards the airport and home a few at a time, but would like to hear the level of interest in doing so.

Mike West will only be able to attend remotely on Thursday, so I'm front-loading the agenda with CSP items that morning, before it gets too late in Berlin.

We have one joint meeting proposed, with WebApps on Thursday.

I think we'll also cancel Tuesday's call and just move all business to the F2F for this week.

-Brad Hill

-----------------

Day 1: Thursday, 25 April:

9:00 - 9:30 Setup and introductions

9:30 - 9:45 Agenda bashing

9:45 - 11:00 CSP - Status and outstanding issues
    ISSUE-15, 33 srcdoc, blob:, filesystem, other inline sources refinement - relevant to hash src discussion?
    CSP and 'picture'
    Restricting base URLs
    Report uri media type and anonymous fetch
    Base url restriction
    Nonce/hash in source expression
    Response code in reports

11:00 - 11:30 Break

11:30 - 12:30 CSP - Remaining proposed new directives
    https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1890 json-src, sink No-mixed-content meta tag refinement ISSUE-37 plugin-types and iframes ISSUE-30 dynamic application of policies on partial load or post-onLoad? ISSUE-34,35 httpOnly directive to exclude access via script interfaces?

12:30 - 13:30 Lunch

14:30 - 15:00 Joint meeting with WebApps to discuss Web Components security model

15:00 - 15:30 Break

15:30 - 16:00 Admin: Charter updates, Will we meet in Shenzhen China for TPAC on Nov 18-22?

16:00 - 16:45 End of CfC on UI Security to WD. Build next steps and work items for UI Security.

Day 2: Friday, 26 April

CORS bugs, plans to move to PR.

Text bashing on hash source as it relates to the HTML5 parsing model for inline script, css, and external resources?

Discussion on non-normative web security model document with David Rogers?

Test jam for CSP.
Received on Friday, 19 April 2013 23:53:38 UTC