Event Invitation: Web Application Security Working Group

[View this event in your browser](https://www.w3.org/events/meetings/dccfa810-ac8b-4894-9e94-a27eeaa5b84e/)

 Web Application Security Working Group Upcoming Confirmed
==========================================================

 23 September 2024, 09:00 -12:30 America/Los\_Angeles

  2 Ballroom Level - California B

[ Web Application Security Working Group ](https://www.w3.org/groups/wg/webappsec/calendar/) Agenda
------

[Agenda](https://github.com/w3c/webappsec/blob/main/meetings/2024/2024-09-TPAC-agenda.md)TPAC 2024 *Draft* Agenda
========================

*WIP, still some flexibility based on feedback and availability.*

[23.09.2024, 9:00 - 12:30](https://www.w3.org/events/meetings/dccfa810-ac8b-4894-9e94-a27eeaa5b84e/): [2 Ballroom Level - California B](https://www.w3.org/2024/09/TPAC/schedule.html#map)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

- **9:00 - 9:15**: ☕ and agenda bashing.
- **9:15 - 9:45**: Crypto 
  - (~15m) Web Crypto ([@twiss](https://github.com/twiss)) 
      - Algorithms (modernizing, post-modernizing)
      - Curve 25591
      - Streaming
      - Feature Detection
  - (~15m) [Remote cryptokeys](https://github.com/WebKit/explainers/tree/main/remote-cryptokeys) ([@marcoscaceres](https://github.com/marcoscaceres), [@estark37](https://github.com/estark37))
- **9:45 - 10:30**: Application Integrity/Transparency ([@ddworken](https://github.com/ddworken)) 
  - (~25m) Extensions to SRI 
      - Additional content types
      - Additional assertion types ([signatures](https://github.com/mikewest/signature-based-sri), etc))
      - `require-sri-for` ([@yoavweiss](https://github.com/yoavweiss))
  - (~20m) Signing / Packaging
- **10:30 - 11:00**: ☕ & 🍰 @ [Lanai Deck, Fifth Floor](https://www.w3.org/2024/09/TPAC/schedule.html#map)
- **11:00 - 12:00**: CSP 
  - (~15m) Should the threat model include exfiltration? ([@yoavweiss](https://github.com/yoavweiss))
  - (~20m) How can we improve adoption? ([@simoneonofri](https://github.com/simoneonofri), [@johnwilander](https://github.com/johnwilander)) 
      - Docs & recommendations?
      - [CSP Next](https://github.com/WICG/csp-next)?
  - (~15m) Could we [require injection mitigation](https://mikewest.github.io/injection-mitigated/) for interesting APIs? ([@mikewest](https://github.com/mikewest))
  - (~10m) What's left before putting CSP into "living CR" mode?
- **12:00 - 12:10**: <https://github.com/w3c/webappsec-permissions-policy/issues/273> ([@sanketj](https://github.com/sanketj))
- **12:10 - 12:30**: **Breakout pitch session**. There are a number of breakout sessions ([grid](https://www.w3.org/2024/09/TPAC/breakouts.html#grid), [details](https://www.w3.org/2024/09/TPAC/breakouts.html#intro)) on 25.09.2024 that are relevant to this community. Let's talk about them a bit so folks can plan accordingly.

[26.09.2024, 9:00 - 12:30](https://www.w3.org/events/meetings/5b918f03-a2a6-4b13-9391-252f61bcc09c/): [4 Concourse Level - Laguna](https://www.w3.org/2024/09/TPAC/schedule.html#map)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

- **9:00 - 9:15**: ☕ and agenda bashing.
- **9:30 - 10:30**: Following up on breakout sessions, and/or topics we didn't get to on Monday 
  - [Deprecations](https://github.com/w3c/tpac2024-breakouts/issues/20), [PEPC](https://github.com/WICG/PEPC/blob/main/explainer.md), [DBSC](https://github.com/WICG/dbsc/) all seem like they might benefit from more conversation.
  - We can allocate time in this slot more clearly in the hallways on Wednesday.
- **10:30 - 11:00**: ☕ &amp; 🍰 @ [Lanai Deck, Fifth Floor](https://www.w3.org/2024/09/TPAC/schedule.html#map)
- **11:00 - 11:45**: Isolation 
  - (~30m) Cross-Origin Isolation 
      - [Document Isolation Policy](https://wicg.github.io/document-isolation-policy/) ([@camillelamy](https://github.com/camillelamy))
  - (~15m) [Realms Initialization Control](https://github.com/WICG/Realms-Initialization-Control) ([@weizman](https://github.com/weizman))
- **11:45 - 12:20**: Cookies 
  - (~10m) `sandbox="allow-same-site-none-cookies"` ([@aamuley](https://github.com/aamuley))
  - (~10m) [Cookie Layering](https://github.com/httpwg/http-extensions/issues/2084) / [RFC6265tre](https://johannhof.github.io/draft-annevk-johannhof-httpbis-cookies/draft-annevk-johannhof-httpbis-cookies.html) ([@johannhof](https://github.com/johannhof), [@annevk](https://github.com/annevk))
  - (~10m) [CHIPS](https://github.com/privacycg/CHIPS) ([@johnwilander](https://github.com/johnwilander), [@dcthetall](https://github.com/dcthetall))
- **12:20 - 12:30**: Next steps, followup.

 Joining Instructions
--------------------

 Instructions are restricted to meeting participants. You need to [ log in](https://auth.w3.org/?url=https%3A%2F%2Fwww.w3.org%2Fevents%2Fmeetings%2Fdccfa810-ac8b-4894-9e94-a27eeaa5b84e%2F) to see them.

 Participants
------------

### Organizers

- Daniel Veditz
- Mike West

### Groups

- [Web Application Security Working Group](https://www.w3.org/groups/wg/webappsec/) ([View Calendar](https://www.w3.org/groups/wg/webappsec/calendar/))

### Invitees

- Nick Doty
- Sasha Firsov
- Matt Gibson
- Sanket Joshi
- Eric Kinnear
- Dibyajyoti Pal
- Lucas Pardue
- Aaron Shim
- Benjamin VanderSloot
- Rachel Yager

 Report feedback and issues on [ GitHub](https://github.com/w3c/calendar "W3C Calendar GitHub repository").