Teleconference Agenda: 2018-06-20

Hello, WebAppSec!

We'll be having our sixth scheduled teleconference of the year on
Wednesday, June 20th at 9:00 PST, 12:00 EST, 18:00 CET, etc.

Dial-in details for the webex calls are posted member-only visible here:
https://www.w3.org/2011/webappsec/webex.html

Please join us on IRC and send "present+" for roll call: #webappsec on
irc.w3.org:6665 (https://irc.w3.org/?channels=webappsec)

TOPIC: Agenda Bashing

TOPIC: Minutes Approval
https://www.w3.org/2018/05/16-webappsec-minutes.html

TOPIC: News
* Safari 12 beta contains interesting new implementations of things like
Storage Access API <https://webkit.org/blog/8124/introducing-storage-access-api/>
(HTML issue #3338 <https://github.com/whatwg/html/issues/3338>),
Cross-Origin-Resource-Policy
<https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header> (née
From-Origin), Cross-Origin-Window-Policy
<https://github.com/whatwg/html/issues/3740> and a one-time-code
<https://github.com/whatwg/html/issues/3745> autocomplete attribute. (And
probably more?)
* `SameSite` cookies are shipping in Edge
<https://twitter.com/MSEdgeUpdates/status/1008907272083394560> and IE(!).
* HTTPWG is iterating on Structured Headers
<https://tools.ietf.org/html/draft-ietf-httpbis-header-structure-06>.

TOPIC: Spec Backlog
* CfC to advance MIX and SECURE to REC?
* Split Credential Management and advance the framework to CR? (Is #100
<https://github.com/w3c/webappsec-credential-management/pull/100> the only
blocker?)
* Advance Upgrade-Insecure-Requests to CR?

TOPIC: Cross-origin data leakage
* Cross-Origin-Resource-Policy
    * Implementation in Safari 12
    * Anne landed an algorithm in Fetch
      <https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header>, and
      has been landing tests in WPT
      <https://github.com/web-platform-tests/wpt/tree/master/fetch/cross-origin-resource-policy>
* Cross-Origin-Window-Policy
    * Implementation in Safari 12
    * Discussion on HTML: https://github.com/whatwg/html/issues/3740
* Sec-Metadata
    * Implementation in Chrome Canary
    * Sketched out a spec: https://mikewest.github.io/sec-metadata/

Additions/suggestions welcome, either here on the list, or at the top of
the call. Thanks!

-mike

Received on Tuesday, 19 June 2018 08:30:08 UTC