public-webappsec@w3.org from October 2014 by subject

"Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)

[Credential Management]: Tiny prototype to play around with.

[CSP] Implementer differences: window.open

[CSP] Inconsistency between Source hash introduction and Source hash usage

[integrity] content-addressable cache?

[integrity] Different ways to associate integrity information

[MIX] 4.5 User Controls

[MIX] 5.1 Does settings object restrict mixed content?

[MIX] 6.1 May browsing context use powerful features?

[MIX] feedback

[MIX] Is origin an authenticated origin?

[MIX] Modifications to script APIs

[MIX] Normative statements in 4.1 Resource Fetching

[referrer] HTTPS->HTTP

[SRI] To trust or not to trust a CDN

[webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT

[webappsec] Call for Consensus: CSP Level 2 to Candidate Recommendation

[webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note

[webappsec] do we want a way to hash data: and blob: uris?

[webappsec] draft new WG home page

[webappsec] F2F at TPAC on hold

[webappsec] Rough and preliminary TPAC agenda for WebAppSec

[webappsec] SRI : allow multiple integrity attributes or ni:// uris?

[webappsec] Survey on WebAppSec Charter v.Next work

[webappsec] survey results

[webappsec] Topics for Rechartering

[webappsec] TPAC agenda changes

[webappsec] TPAC living agenda

[webappsec] updated (but still draft) TPAC agenda

Agenda for WebAppSec WG teleconference Wednesday Oct 8

Allow dynamically inserted <script>-Tags from trustworthy Scripts

CfC: Mixed Content to Last Call?

Frame access

Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)

FYI: Starting on CSP Next.

Implementer differences

Minimum viable SRI?

No-context ACTION emails are confusing

NTP vs. HSTS

Permission that spans browsing contexts

referrer policy questions

Service workers, dedicated workers, and the environment settings object

This week's teleconference - keep it Wednesday for one more week

webappsec-ACTION-188: Evaluate json-src

webappsec-ACTION-189: Evaluate script-ancestors

webappsec-ACTION-190: Is reflected-xss directive at risk?

webappsec-ACTION-191: Inconsistency in source hash description

webappsec-ACTION-192: Evaluate control over nesting depth.

webappsec-ACTION-193: Respond to Brian Smith on referrer-policy

webappsec-ACTION-194: Respond to Hatter Jiang on 401 attach

webappsec-ACTION-195: Respond to Hatter Jiang on JSONP directives - under consideration for v.Next

webappsec-ACTION-196: Remove intranet/internet section from Mixed Content spec

webappsec-ACTION-197: Schedule an ad-hoc at TPAC 2014 (+wseltzer, +plh, +robin, +tbl?)

webappsec-ACTION-198: Take bookmarklets discussion back to the list

webappsec-ACTION-199: Keep topic of internet/intranet connectivity and https on the w3c radar

webappsec-ISSUE-68 (401 prompting by subresources): How to manage 401 phishing prompts by subresources

webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next]

Last message date: Friday, 31 October 2014 18:38:19 UTC