TPAC 2024 Agenda from Mike West on 2024-09-22 (public-webappsec@w3.org from September 2024)

From: Mike West <mkwst@google.com>
Date: Sun, 22 Sep 2024 11:19:49 +0200
To: Web Application Security Working Group <public-webappsec@w3.org>
Cc: Dan Veditz <dveditz@mozilla.com>, Simone Onofri <simone@w3.org>
Message-ID: <CAKXHy=ecZpXpQedU1MqoqNuFD3CMd-5TJ5tjFwLLgUg27vkHRQ@mail.gmail.com>
Hey folks,

A draft agenda for TPAC is up at
https://github.com/w3c/webappsec/blob/main/meetings/2024/2024-09-TPAC-agenda.md.
Feedback is welcome on both topic ordering, availability, things I missed,
and etc.

I'll paste the current version of the agenda below, but the GitHub URL is
the canonical version that we'll update as we go.

Looking forward to seeing y'all this week!

-mike

------------

TPAC 2024 *Draft* Agenda

*WIP, still some flexibility based on feedback and availability.*
23.09.2024, 9:00 - 12:30
<https://www.w3.org/events/meetings/dccfa810-ac8b-4894-9e94-a27eeaa5b84e/>: 2
Ballroom Level - California B
<https://www.w3.org/2024/09/TPAC/schedule.html#map>
<https://github.com/w3c/webappsec/blob/main/meetings/2024/2024-09-TPAC-agenda.md#23092024-900---1230-2-ballroom-level---california-b>

   - *9:00 - 9:15*: ☕ and agenda bashing.
   - *9:15 - 9:45*: Crypto
      - (~15m) Web Crypto (@twiss)
         - Algorithms (modernizing, post-modernizing)
         - Curve 25591
         - Streaming
         - Feature Detection
      - (~15m) Remote cryptokeys
      <https://github.com/WebKit/explainers/tree/main/remote-cryptokeys>
(@marcoscaceres,
      @estark37)
   - *9:45 - 10:30*: Application Integrity/Transparency (@ddworken)
      - (~25m) Extensions to SRI
         - Additional content types
         - Additional assertion types (signatures
         <https://github.com/mikewest/signature-based-sri>, etc))
         - require-sri-for (@yoavweiss)
      - (~20m) Signing / Packaging
   - *10:30 - 11:00*: ☕ & 🍰 @ Lanai Deck, Fifth Floor
   <https://www.w3.org/2024/09/TPAC/schedule.html#map>
   - *11:00 - 12:00*: CSP
      - (~15m) Should the threat model include exfiltration? (@yoavweiss)
      - (~20m) How can we improve adoption? (@simoneonofri, @johnwilander)
         - Docs & recommendations?
         - CSP Next <https://github.com/WICG/csp-next>?
      - (~15m) Could we require injection mitigation
      <https://mikewest.github.io/injection-mitigated/> for interesting
      APIs? (@mikewest)
      - (~10m) What's left before putting CSP into "living CR" mode?
   - *12:00 - 12:10*: w3c/webappsec-permissions-policy#273
   <https://github.com/w3c/webappsec-permissions-policy/issues/273>
    (@sanketj)
   - *12:10 - 12:30*: *Breakout pitch session*. There are a number of
   breakout sessions (grid
   <https://www.w3.org/2024/09/TPAC/breakouts.html#grid>, details
   <https://www.w3.org/2024/09/TPAC/breakouts.html#intro>) on 25.09.2024
   that are relevant to this community. Let's talk about them a bit so folks
   can plan accordingly.

26.09.2024, 9:00 - 12:30
<https://www.w3.org/events/meetings/5b918f03-a2a6-4b13-9391-252f61bcc09c/>: 4
Concourse Level - Laguna <https://www.w3.org/2024/09/TPAC/schedule.html#map>
<https://github.com/w3c/webappsec/blob/main/meetings/2024/2024-09-TPAC-agenda.md#26092024-900---1230-4-concourse-level---laguna>

   - *9:00 - 9:15*: ☕ and agenda bashing.
   - *9:30 - 10:30*: Following up on breakout sessions, and/or topics we
   didn't get to on Monday
      - Deprecations <https://github.com/w3c/tpac2024-breakouts/issues/20>,
      PEPC <https://github.com/WICG/PEPC/blob/main/explainer.md>, DBSC
      <https://github.com/WICG/dbsc/> all seem like they might benefit from
      more conversation.
      - We can allocate time in this slot more clearly in the hallways on
      Wednesday.
   - *10:30 - 11:00*: ☕ & 🍰 @ Lanai Deck, Fifth Floor
   <https://www.w3.org/2024/09/TPAC/schedule.html#map>
   - *11:00 - 11:45*: Isolation
      - (~30m) Cross-Origin Isolation
         - Document Isolation Policy
         <https://wicg.github.io/document-isolation-policy/> (@camillelamy)
      - (~15m) Realms Initialization Control
      <https://github.com/WICG/Realms-Initialization-Control> (@weizman)
   - *11:45 - 12:20*: Cookies
      - (~10m) sandbox="allow-same-site-none-cookies" (@aamuley)
      - (~10m) Cookie Layering
      <https://github.com/httpwg/http-extensions/issues/2084> / RFC6265tre
      <https://johannhof.github.io/draft-annevk-johannhof-httpbis-cookies/draft-annevk-johannhof-httpbis-cookies.html>
(@johannhof,
      @annevk)
      - (~10m) CHIPS <https://github.com/privacycg/CHIPS> (@johnwilander,
      @dcthetall)
   - *12:20 - 12:30*: Next steps, followup.
Received on Sunday, 22 September 2024 09:20:09 UTC