Event Updated: Web Application Security Working Group

[View this event in your browser](https://www.w3.org/events/meetings/dccfa810-ac8b-4894-9e94-a27eeaa5b84e/)

 Web Application Security Working Group Upcoming Confirmed
==========================================================

 23 September 2024, 09:00 -12:30 America/Los\_Angeles

  2 Ballroom Level - California B

[ Web Application Security Working Group ](https://www.w3.org/groups/wg/webappsec/calendar/) Agenda
------

[Agenda](https://github.com/w3c/webappsec/blob/main/meetings/2024/2024-09-TPAC-agenda.md)*WIP, still some flexibility based on feedback and availability.*

[23.09.2024, 9:00 - 12:30](https://www.w3.org/events/meetings/dccfa810-ac8b-4894-9e94-a27eeaa5b84e/): [2 Ballroom Level - California B](https://www.w3.org/2024/09/TPAC/schedule.html#map)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

- **9:00 - 9:15**: ☕ and agenda bashing.
- **9:15 - 9:45**: Crypto 
  - (~15m) Web Crypto ([@twiss](https://github.com/twiss)) 
      - Algorithms (modernizing, post-modernizing)
      - Curve 25591
      - Streaming
      - Feature Detection
  - (~15m) [Remote cryptokeys](https://github.com/WebKit/explainers/tree/main/remote-cryptokeys) ([@marcoscaceres](https://github.com/marcoscaceres), [@estark37](https://github.com/estark37))
- **9:45 - 10:30**: Application Integrity/Transparency ([@ddworken](https://github.com/ddworken)) 
  - (~25m) Extensions to SRI 
      - Additional content types
      - Additional assertion types ([signatures](https://github.com/mikewest/signature-based-sri), etc))
      - `require-sri-for` ([@yoavweiss](https://github.com/yoavweiss))
  - (~20m) Signing / Packaging
- **10:30 - 11:00**: ☕ & 🍰 @ [Lanai Deck, Fifth Floor](https://www.w3.org/2024/09/TPAC/schedule.html#map)
- **11:00 - 12:00**: CSP 
  - (~15m) Should the threat model include exfiltration? ([@yoavweiss](https://github.com/yoavweiss))
  - (~20m) How can we improve adoption? ([@simoneonofri](https://github.com/simoneonofri), [@johnwilander](https://github.com/johnwilander)) 
      - Docs & recommendations?
      - [CSP Next](https://github.com/WICG/csp-next)?
  - (~15m) Could we [require injection mitigation](https://mikewest.github.io/injection-mitigated/) for interesting APIs? ([@mikewest](https://github.com/mikewest))
  - (~10m) What's left before putting CSP into "living CR" mode?
- **12:00 - 12:10**: <https://github.com/w3c/webappsec-permissions-policy/issues/273> ([@sanketj](https://github.com/sanketj))
- **12:10 - 12:30**: **Breakout pitch session**. There are a number of breakout sessions ([grid](https://www.w3.org/2024/09/TPAC/breakouts.html#grid), [details](https://www.w3.org/2024/09/TPAC/breakouts.html#intro)) on 25.09.2024 that are relevant to this community. Let's talk about them a bit so folks can plan accordingly.

 Joining Instructions
--------------------

 Instructions are restricted to meeting participants. You need to [ log in](https://auth.w3.org/?url=https%3A%2F%2Fwww.w3.org%2Fevents%2Fmeetings%2Fdccfa810-ac8b-4894-9e94-a27eeaa5b84e%2F) to see them.

 Participants
------------

### Organizers

- Daniel Veditz
- Mike West

### Groups

- [Web Application Security Working Group](https://www.w3.org/groups/wg/webappsec/) ([View Calendar](https://www.w3.org/groups/wg/webappsec/calendar/))

### Invitees

- Nick Doty
- Sasha Firsov
- Matt Gibson
- Sanket Joshi
- Eric Kinnear
- Dibyajyoti Pal
- Lucas Pardue
- Aaron Shim
- Benjamin VanderSloot
- Rachel Yager

 Report feedback and issues on [ GitHub](https://github.com/w3c/calendar "W3C Calendar GitHub repository").