- From: Mike West <mkwst@google.com>
- Date: Mon, 18 Feb 2019 11:24:20 +0100
- To: Web Application Security Working Group <public-webappsec@w3.org>
- Message-ID: <CAKXHy=dPSswb5FUVaJWNWzQ9H2pmG0wwer8PdPbgOZe-idYUdw@mail.gmail.com>

Hello, WebAppSec! We'll be having our eighth scheduled teleconference of the year on Wednesday, February 20th at 9:00 PST, 12:00 EST, 18:00 CET, etc.

TOPIC: Interesting specs in incubation.

There hasn't been much activity on the list recently, but there are some interesting things in WICG and WHATWG to point to that seem to fall within our wheelhouse (some of which might reasonably be targeting WebAppSec for post-incubation standardization):

* Trusted Types (https://github.com/WICG/trusted-types) is heading to an origin trial in Chrome 73 to gather some developer feedback, and there's the beginnings of a spec document at https://wicg.github.io/trusted-types/dist/spec/.

* User Agent and Lang client hints (https://github.com/WICG/ua-client-hints, https://github.com/WICG/lang-client-hint)

* First Party Sets (https://github.com/mikewest/first-party-sets) are an early proposal to allow entities to join their domains together for some specific purposes,

* Fetch Metadata (https://mikewest.github.io/sec-metadata/) is implemented behind a flag in Chrome, and I've heard some positive feedback from folks at Mozilla. Perhaps this is worth adopting directly?

* The `Cross-Origin` response header (https://gist.github.com/annevk/17f580379c45802d5c3aef5a8fd53c7d) seems like an interesting mechanism to reduce the risk of unexpected cross-origin data leakage.

* More? I'm sure there are other proposals floating around that we should probably have opinions on. Help me track them down? :)

TOPIC: This call.

On the meta-level, I'd like to chat a bit about this call, and how we can make it an effective part of our lives together. On the one hand, it might be reasonable to reconsider the time-slot to make sure it still fits for the folks who are interested. On the other, it may be worth rethinking the way we run the call to see if we can be more effective about using the time we spend with each other. Migrating to some form of video conference would be lovely, for instance, and we might be able to learn from some other groups' scribing techniques (shared documents for collaborative scribing, for instance).

----------

Dial-in details for the webex calls are posted member-only visible here: https://www.w3.org/2011/webappsec/webex.html

Please join us on IRC and send "present+" for roll-call: #webappsec on irc.w3.org:6665 (https://irc.w3.org/?channels=webappsec)

Thanks!

-mike

Received on Monday, 18 February 2019 10:24:59 UTC