Teleconference Agenda: 2018-04-18 from Daniel Veditz on 2018-04-16 (public-webappsec@w3.org from April 2018)

From: Daniel Veditz <dveditz@mozilla.com>
Date: Mon, 16 Apr 2018 15:16:12 -0700
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <b15dee8a-ae17-63fa-b114-5a3180ceff12@mozilla.com>

Hello, WebAppSec! We'll be having our fourth scheduled teleconference of
the year on Wednesday, April 18th at 9:00 PST, 12:00 EST, 18:00 CET, etc.

Dial-in details for the webex calls are posted member-only visible here:
https://www.w3.org/2011/webappsec/webex.html

Please join us on IRC and send "present+" for role-call: #webappsec on
irc.w3.org:6665 (https://irc.w3.org/?channels=webappsec)

TOPIC: Agenda Bashing

TOPIC: Minutes Approval
https://www.w3.org/2018/03/21-webappsec-minutes.html

TOPIC: News
*   Limit lifetime of cookies delivered via plaintext
    *   https://github.com/mikewest/cookies-over-http-bad
    *   https://github.com/w3ctag/design-reviews/issues/239
*   Moar?

TOPIC: Passwords
*   Proposal: `.well-known/modify-credentials`
    *
https://lists.w3.org/Archives/Public/public-webappsec/2018Apr/0003.html
    *   https://mikewest.github.io/change-password/
*   Exposing passwords via Credential Management API
    *
https://lists.w3.org/Archives/Public/public-webappsec/2018Feb/0005.html

TOPIC: CSP
*   Hashed attributes, inline attributes, and versioning
    *
https://lists.w3.org/Archives/Public/public-webappsec/2018Apr/0017.html
    *
https://docs.google.com/document/d/1_nYS4gWYO2Oh8rYDyPglXIKNsgCRVhmjHqWlTAHst7c/edit?usp=sharing
*   `navigate-to`
    *   https://w3c.github.io/webappsec-csp/#directive-navigate-to

TOPIC: Cross-origin load limitations
*   `From-Origin`
    *   https://github.com/whatwg/fetch/issues/687
    *   https://www.w3.org/TR/from-origin/
*   `Sec-Site`
    *   https://github.com/whatwg/fetch/issues/700

TOPIC: `Feature-Policy` and Permissions API

Thanks, folks! See you Wednesday!

Received on Monday, 16 April 2018 22:16:48 UTC