Re: Teleconference Agenda: 2018-06-20

> On Jun 19, 2018, at 1:29 AM, Mike West <mkwst@google.com> wrote:
> 
> Hello, WebAppSec!
> 
> We'll be having our sixth scheduled teleconference of the year on Wednesday, June 20th at 9:00 PST, 12:00 EST, 18:00 CET, etc.
> 
> Dial-in details for the webex calls are posted member-only visible here:
> https://www.w3.org/2011/webappsec/webex.html
> 
> Please join us on IRC and send "present+" for roll call: #webappsec on
> irc.w3.org:6665 (https://irc.w3.org/?channels=webappsec)
> 
> TOPIC: Agenda Bashing
> 
> TOPIC: Minutes Approval
> https://www.w3.org/2018/05/16-webappsec-minutes.html
> 
> TOPIC: News
> * Safari 12 beta contains interesting new implementations of things like Storage Access API <https://webkit.org/blog/8124/introducing-storage-access-api/> (HTML issue #3338 <https://github.com/whatwg/html/issues/3338>),

Something I forgot to mention on yesterday’s call — the Storage Access API actually shipped in March. What you’re probably referring to is the revision of some of its internal functionality in Safari 12 betas. Details here: https://webkit.org/blog/8311/intelligent-tracking-prevention-2-0/

> Cross-Origin-Resource-Policy <https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header> (née From-Origin), Cross-Origin-Window-Policy <https://github.com/whatwg/html/issues/3740> and a one-time-code <https://github.com/whatwg/html/issues/3745> autocomplete attribute. (And probably more?)
> * `SameSite` cookies are shipping in Edge <https://twitter.com/MSEdgeUpdates/status/1008907272083394560> and IE(!).

As mentioned on the call, SameSite cookies are supported in Safari 12 betas too.

   Regards, John

> * HTTPWG is iterating on Structured Headers <https://tools.ietf.org/html/draft-ietf-httpbis-header-structure-06>.
> 
> TOPIC: Spec Backlog
> * CfC to advance MIX and SECURE to REC?
> * Split Credential Management and advance the framework to CR? (Is #100 <https://github.com/w3c/webappsec-credential-management/pull/100> the only blocker?)
> * Advance Upgrade-Insecure-Requests to CR?
> 
> TOPIC: Cross-origin data leakage
> * Cross-Origin-Resource-Policy
>     * Implementation in Safari 12
>     * Anne landed an algorithm in Fetch <https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header>, and has been landing tests in WPT <https://github.com/web-platform-tests/wpt/tree/master/fetch/cross-origin-resource-policy>
> * Cross-Origin-Window-Policy
>     * Implementation in Safari 12
>     * Discussion on HTML: https://github.com/whatwg/html/issues/3740
> * Sec-Metadata
>     * Implementation in Chrome Canary
>     * Sketched out a spec: https://mikewest.github.io/sec-metadata/
> 
> Additions/suggestions welcome, either here on the list, or at the top of the call. Thanks!
> 
> -mike

Received on Thursday, 21 June 2018 16:50:32 UTC