Re: TPAC 2024 Agenda from Mike West on 2024-09-23 (public-webappsec@w3.org from September 2024)

From: Mike West <mkwst@google.com>
Date: Mon, 23 Sep 2024 08:44:50 -0700
To: Web Application Security Working Group <public-webappsec@w3.org>
Cc: Dan Veditz <dveditz@mozilla.com>, Simone Onofri <simone@w3.org>
Message-ID: <CAKXHy=dV_3Jg91m_OkQMs6QK_177kUOWZpsA5_DQaD595=ZZkQ@mail.gmail.com>
Logistics:

We're in the California Ballroom B this morning (with some excitingly
percussive background music), starting between 9:00 and 9:15, depending on
when folks show up.

If you're joining via Zoom, the details are in
https://www.w3.org/events/meetings/dccfa810-ac8b-4894-9e94-a27eeaa5b84e/.

We additionally now have a #webappsec channel on the W3C's slack instance (
https://w3.org/slack-w3ccommunity-invite) if you have any
realtime questions or concerns.

See you shortly!

-mike


On Sun, Sep 22, 2024 at 2:19 AM Mike West <mkwst@google.com> wrote:

> Hey folks,
>
> A draft agenda for TPAC is up at
> https://github.com/w3c/webappsec/blob/main/meetings/2024/2024-09-TPAC-agenda.md.
> Feedback is welcome on both topic ordering, availability, things I missed,
> and etc.
>
> I'll paste the current version of the agenda below, but the GitHub URL is
> the canonical version that we'll update as we go.
>
> Looking forward to seeing y'all this week!
>
> -mike
>
> ------------
>
> TPAC 2024 *Draft* Agenda
>
> *WIP, still some flexibility based on feedback and availability.*
> 23.09.2024, 9:00 - 12:30
> <https://www.w3.org/events/meetings/dccfa810-ac8b-4894-9e94-a27eeaa5b84e/>
> : 2 Ballroom Level - California B
> <https://www.w3.org/2024/09/TPAC/schedule.html#map>
> <https://github.com/w3c/webappsec/blob/main/meetings/2024/2024-09-TPAC-agenda.md#23092024-900---1230-2-ballroom-level---california-b>
>
>    - *9:00 - 9:15*: ☕ and agenda bashing.
>    - *9:15 - 9:45*: Crypto
>       - (~15m) Web Crypto (@twiss)
>          - Algorithms (modernizing, post-modernizing)
>          - Curve 25591
>          - Streaming
>          - Feature Detection
>       - (~15m) Remote cryptokeys
>       <https://github.com/WebKit/explainers/tree/main/remote-cryptokeys> (@marcoscaceres,
>       @estark37)
>    - *9:45 - 10:30*: Application Integrity/Transparency (@ddworken)
>       - (~25m) Extensions to SRI
>          - Additional content types
>          - Additional assertion types (signatures
>          <https://github.com/mikewest/signature-based-sri>, etc))
>          - require-sri-for (@yoavweiss)
>       - (~20m) Signing / Packaging
>    - *10:30 - 11:00*: ☕ & 🍰 @ Lanai Deck, Fifth Floor
>    <https://www.w3.org/2024/09/TPAC/schedule.html#map>
>    - *11:00 - 12:00*: CSP
>       - (~15m) Should the threat model include exfiltration? (@yoavweiss)
>       - (~20m) How can we improve adoption? (@simoneonofri, @johnwilander)
>          - Docs & recommendations?
>          - CSP Next <https://github.com/WICG/csp-next>?
>       - (~15m) Could we require injection mitigation
>       <https://mikewest.github.io/injection-mitigated/> for interesting
>       APIs? (@mikewest)
>       - (~10m) What's left before putting CSP into "living CR" mode?
>    - *12:00 - 12:10*: w3c/webappsec-permissions-policy#273
>    <https://github.com/w3c/webappsec-permissions-policy/issues/273>
>     (@sanketj)
>    - *12:10 - 12:30*: *Breakout pitch session*. There are a number of
>    breakout sessions (grid
>    <https://www.w3.org/2024/09/TPAC/breakouts.html#grid>, details
>    <https://www.w3.org/2024/09/TPAC/breakouts.html#intro>) on 25.09.2024
>    that are relevant to this community. Let's talk about them a bit so folks
>    can plan accordingly.
>
> 26.09.2024, 9:00 - 12:30
> <https://www.w3.org/events/meetings/5b918f03-a2a6-4b13-9391-252f61bcc09c/>
> : 4 Concourse Level - Laguna
> <https://www.w3.org/2024/09/TPAC/schedule.html#map>
> <https://github.com/w3c/webappsec/blob/main/meetings/2024/2024-09-TPAC-agenda.md#26092024-900---1230-4-concourse-level---laguna>
>
>    - *9:00 - 9:15*: ☕ and agenda bashing.
>    - *9:30 - 10:30*: Following up on breakout sessions, and/or topics we
>    didn't get to on Monday
>       - Deprecations <https://github.com/w3c/tpac2024-breakouts/issues/20>
>       , PEPC <https://github.com/WICG/PEPC/blob/main/explainer.md>, DBSC
>       <https://github.com/WICG/dbsc/> all seem like they might benefit
>       from more conversation.
>       - We can allocate time in this slot more clearly in the hallways on
>       Wednesday.
>    - *10:30 - 11:00*: ☕ & 🍰 @ Lanai Deck, Fifth Floor
>    <https://www.w3.org/2024/09/TPAC/schedule.html#map>
>    - *11:00 - 11:45*: Isolation
>       - (~30m) Cross-Origin Isolation
>          - Document Isolation Policy
>          <https://wicg.github.io/document-isolation-policy/>
>           (@camillelamy)
>       - (~15m) Realms Initialization Control
>       <https://github.com/WICG/Realms-Initialization-Control> (@weizman)
>    - *11:45 - 12:20*: Cookies
>       - (~10m) sandbox="allow-same-site-none-cookies" (@aamuley)
>       - (~10m) Cookie Layering
>       <https://github.com/httpwg/http-extensions/issues/2084> / RFC6265tre
>       <https://johannhof.github.io/draft-annevk-johannhof-httpbis-cookies/draft-annevk-johannhof-httpbis-cookies.html> (@johannhof,
>       @annevk)
>       - (~10m) CHIPS <https://github.com/privacycg/CHIPS> (@johnwilander,
>       @dcthetall)
>    - *12:20 - 12:30*: Next steps, followup.
>
>
Received on Monday, 23 September 2024 15:45:11 UTC