"Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)
- David Rogers (Wednesday, 22 October)
- Chris Palmer (Wednesday, 22 October)
- David Rogers (Wednesday, 22 October)
- Jeffrey Walton (Wednesday, 22 October)
- Jim Manico (Tuesday, 21 October)
- Chris Palmer (Tuesday, 21 October)
- Ángel González (Tuesday, 21 October)
- Adrienne Porter Felt (Monday, 20 October)
- Mike West (Monday, 20 October)
- Chris Palmer (Monday, 20 October)
- Brad Hill (Monday, 20 October)
- Brad Hill (Monday, 20 October)
- Chris Palmer (Monday, 20 October)
- Brad Hill (Monday, 20 October)
- Chris Palmer (Monday, 20 October)
- Mike West (Monday, 20 October)
[Credential Management]: Tiny prototype to play around with.
[CSP] Implementer differences: window.open
[CSP] Inconsistency between Source hash introduction and Source hash usage
[integrity] content-addressable cache?
- Brad Hill (Friday, 24 October)
- Mark Nottingham (Friday, 24 October)
- Mark Goodwin (Wednesday, 8 October)
- Mark Goodwin (Tuesday, 7 October)
- Brad Hill (Monday, 6 October)
- Mark Goodwin (Monday, 6 October)
- Devdatta Akhawe (Monday, 6 October)
- Devdatta Akhawe (Monday, 6 October)
- Mark Goodwin (Monday, 6 October)
- Mark Goodwin (Monday, 6 October)
- Anne van Kesteren (Monday, 6 October)
- Frederik Braun (Monday, 6 October)
[integrity] Different ways to associate integrity information
[MIX] 4.5 User Controls
[MIX] 5.1 Does settings object restrict mixed content?
- Mike West (Friday, 31 October)
- Ian Hickson (Thursday, 30 October)
- Mike West (Thursday, 30 October)
- Mike West (Thursday, 30 October)
- Ian Hickson (Thursday, 30 October)
- Anne van Kesteren (Thursday, 30 October)
- Ian Hickson (Thursday, 30 October)
- Anne van Kesteren (Thursday, 30 October)
- Ian Hickson (Thursday, 30 October)
- Anne van Kesteren (Thursday, 30 October)
[MIX] 6.1 May browsing context use powerful features?
[MIX] feedback
[MIX] Is origin an authenticated origin?
- Anne van Kesteren (Wednesday, 29 October)
- Mike West (Tuesday, 28 October)
- Anne van Kesteren (Tuesday, 28 October)
- Mike West (Tuesday, 28 October)
- Anne van Kesteren (Tuesday, 28 October)
- Anne van Kesteren (Thursday, 23 October)
- Mike West (Thursday, 23 October)
- Anne van Kesteren (Thursday, 23 October)
- Mike West (Thursday, 23 October)
- Anne van Kesteren (Thursday, 23 October)
- Mike West (Thursday, 23 October)
- Anne van Kesteren (Thursday, 23 October)
- Mike West (Thursday, 23 October)
- Anne van Kesteren (Thursday, 23 October)
- Mike West (Thursday, 23 October)
- Anne van Kesteren (Thursday, 23 October)
[MIX] Modifications to script APIs
[MIX] Normative statements in 4.1 Resource Fetching
[referrer] HTTPS->HTTP
- Martin Thomson (Monday, 27 October)
- Ian Melven (Monday, 27 October)
- Mark Nottingham (Monday, 27 October)
- Brad Hill (Friday, 24 October)
- Mark Nottingham (Friday, 24 October)
- Mike West (Friday, 24 October)
- Mark Nottingham (Friday, 24 October)
- Jochen Eisinger (Friday, 24 October)
- Mike West (Friday, 24 October)
- Mark Nottingham (Friday, 24 October)
- Jochen Eisinger (Friday, 24 October)
- Mike West (Friday, 24 October)
- Brian Smith (Friday, 24 October)
- Anne van Kesteren (Friday, 24 October)
- Mark Nottingham (Friday, 24 October)
- Anne van Kesteren (Friday, 24 October)
- Mark Nottingham (Friday, 24 October)
[SRI] To trust or not to trust a CDN
- Joel Weinberger (Friday, 31 October)
- Brian Smith (Friday, 31 October)
- Frederik Braun (Thursday, 30 October)
- Frederik Braun (Thursday, 30 October)
- Ben Toews (Wednesday, 29 October)
- Devdatta Akhawe (Wednesday, 29 October)
- Sean Snider (Wednesday, 29 October)
- Joel Weinberger (Wednesday, 29 October)
- Hatter Jiang OWS (Wednesday, 29 October)
- Ben Toews (Wednesday, 29 October)
- Mike West (Wednesday, 29 October)
- Brian Smith (Wednesday, 29 October)
- Joel Weinberger (Wednesday, 29 October)
- Frederik Braun (Tuesday, 28 October)
[webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT
- Michael[tm] Smith (Tuesday, 21 October)
- Mike West (Monday, 20 October)
- Brad Hill (Monday, 20 October)
- Anne van Kesteren (Monday, 20 October)
- Mike West (Monday, 20 October)
- Anne van Kesteren (Monday, 20 October)
- Mike West (Monday, 20 October)
- Anne van Kesteren (Monday, 20 October)
- Mike West (Monday, 20 October)
- Brad Hill (Sunday, 19 October)
[webappsec] Call for Consensus: CSP Level 2 to Candidate Recommendation
[webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note
[webappsec] do we want a way to hash data: and blob: uris?
[webappsec] draft new WG home page
[webappsec] F2F at TPAC on hold
[webappsec] Rough and preliminary TPAC agenda for WebAppSec
[webappsec] SRI : allow multiple integrity attributes or ni:// uris?
[webappsec] Survey on WebAppSec Charter v.Next work
[webappsec] survey results
[webappsec] Topics for Rechartering
[webappsec] TPAC agenda changes
[webappsec] TPAC living agenda
[webappsec] updated (but still draft) TPAC agenda
Agenda for WebAppSec WG teleconference Wednesday Oct 8
Allow dynamically inserted <script>-Tags from trustworthy Scripts
CfC: Mixed Content to Last Call?
Frame access
Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)
- Sean Snider (Wednesday, 29 October)
- Frederik Braun (Monday, 27 October)
- Mike West (Monday, 27 October)
- Tom Ritter (Saturday, 25 October)
- Sean Snider (Saturday, 25 October)
- Devdatta Akhawe (Friday, 24 October)
- Mike West (Friday, 24 October)
- Boris Zbarsky (Friday, 24 October)
- Michal Zalewski (Friday, 24 October)
- Mike West (Friday, 24 October)
- Anne van Kesteren (Friday, 24 October)
- Anne van Kesteren (Friday, 24 October)
- Mike West (Friday, 24 October)
FYI: Starting on CSP Next.
Implementer differences
Minimum viable SRI?
No-context ACTION emails are confusing
NTP vs. HSTS
- =JeffH (Friday, 17 October)
- Jose Selvi (Thursday, 16 October)
- Pawel Krawczyk (Thursday, 16 October)
- Adam Langley (Friday, 17 October)
- =JeffH (Friday, 17 October)
- Adam Langley (Thursday, 16 October)
- Chris Palmer (Thursday, 16 October)
- Adam Langley (Thursday, 16 October)
- Anne van Kesteren (Thursday, 16 October)
- John Kemp (Thursday, 16 October)
Permission that spans browsing contexts
referrer policy questions
Service workers, dedicated workers, and the environment settings object
This week's teleconference - keep it Wednesday for one more week
webappsec-ACTION-188: Evaluate json-src
webappsec-ACTION-189: Evaluatescript-ancestors
webappsec-ACTION-190: Is reflected-xss directive at risk?
webappsec-ACTION-191: Inconsistency in source hash description
webappsec-ACTION-192: Evaluate control over nesting depth.
webappsec-ACTION-193: Respond to Brian Smith on referrer-policy
webappsec-ACTION-194: Respond to Hatter Jiang on 401 attach
webappsec-ACTION-195: Respond to Hatter Jiang on JSONP directives - under consideration for v.Next
webappsec-ACTION-196: Remove intranet/internet section from Mixed Content spec
webappsec-ACTION-197: Schedule an ad-hoc at TPAC 2014 (+wseltzer, +plh, +robin, +tbl?)
webappsec-ACTION-198: Take bookmarklets discussion back to the list
webappsec-ACTION-199: Keep topic of internet/intranet connectivity and https on the w3c radar
webappsec-ISSUE-68 (401 prompting by subresources): How to manage 401 phishing prompts by subresources
webappsec-ISSUE-69 (Overt channel control in CSP): Consider directives to manage postMessage and external navigation of iframes [CSP Next]
Last message date: Friday, 31 October 2014 18:38:19 UTC