Re: TPAC 2024 Agenda from Mike West on 2024-09-23 (public-webappsec@w3.org from September 2024)

From: Mike West <mkwst@google.com>
Date: Mon, 23 Sep 2024 12:45:41 -0700
To: Web Application Security Working Group <public-webappsec@w3.org>
Cc: Dan Veditz <dveditz@mozilla.com>, Simone Onofri <simone@w3.org>
Message-ID: <CAKXHy=dXQ2JpTsO2+ceENTfGPLao+_-eVZLTiX_MHaMBSO9pdg@mail.gmail.com>
Hey folks!

Thanks for your time and attention today. Unaudited minutes are up at
https://github.com/w3c/webappsec/blob/main/meetings/2024/2024-09-23-TPAC-Minutes.md
(corrections,
clarifications, and fixes welcome!).

-mike


On Mon, Sep 23, 2024 at 8:44 AM Mike West <mkwst@google.com> wrote:

> Logistics:
>
> We're in the California Ballroom B this morning (with some excitingly
> percussive background music), starting between 9:00 and 9:15, depending on
> when folks show up.
>
> If you're joining via Zoom, the details are in
> https://www.w3.org/events/meetings/dccfa810-ac8b-4894-9e94-a27eeaa5b84e/.
>
> We additionally now have a #webappsec channel on the W3C's slack instance (
> https://w3.org/slack-w3ccommunity-invite) if you have any
> realtime questions or concerns.
>
> See you shortly!
>
> -mike
>
>
> On Sun, Sep 22, 2024 at 2:19 AM Mike West <mkwst@google.com> wrote:
>
>> Hey folks,
>>
>> A draft agenda for TPAC is up at
>> https://github.com/w3c/webappsec/blob/main/meetings/2024/2024-09-TPAC-agenda.md.
>> Feedback is welcome on both topic ordering, availability, things I missed,
>> and etc.
>>
>> I'll paste the current version of the agenda below, but the GitHub URL is
>> the canonical version that we'll update as we go.
>>
>> Looking forward to seeing y'all this week!
>>
>> -mike
>>
>> ------------
>>
>> TPAC 2024 *Draft* Agenda
>>
>> *WIP, still some flexibility based on feedback and availability.*
>> 23.09.2024, 9:00 - 12:30
>> <https://www.w3.org/events/meetings/dccfa810-ac8b-4894-9e94-a27eeaa5b84e/>
>> : 2 Ballroom Level - California B
>> <https://www.w3.org/2024/09/TPAC/schedule.html#map>
>> <https://github.com/w3c/webappsec/blob/main/meetings/2024/2024-09-TPAC-agenda.md#23092024-900---1230-2-ballroom-level---california-b>
>>
>>    - *9:00 - 9:15*: ☕ and agenda bashing.
>>    - *9:15 - 9:45*: Crypto
>>       - (~15m) Web Crypto (@twiss)
>>          - Algorithms (modernizing, post-modernizing)
>>          - Curve 25591
>>          - Streaming
>>          - Feature Detection
>>       - (~15m) Remote cryptokeys
>>       <https://github.com/WebKit/explainers/tree/main/remote-cryptokeys> (@marcoscaceres,
>>       @estark37)
>>    - *9:45 - 10:30*: Application Integrity/Transparency (@ddworken)
>>       - (~25m) Extensions to SRI
>>          - Additional content types
>>          - Additional assertion types (signatures
>>          <https://github.com/mikewest/signature-based-sri>, etc))
>>          - require-sri-for (@yoavweiss)
>>       - (~20m) Signing / Packaging
>>    - *10:30 - 11:00*: ☕ & 🍰 @ Lanai Deck, Fifth Floor
>>    <https://www.w3.org/2024/09/TPAC/schedule.html#map>
>>    - *11:00 - 12:00*: CSP
>>       - (~15m) Should the threat model include exfiltration? (@yoavweiss)
>>       - (~20m) How can we improve adoption? (@simoneonofri,
>>       @johnwilander)
>>          - Docs & recommendations?
>>          - CSP Next <https://github.com/WICG/csp-next>?
>>       - (~15m) Could we require injection mitigation
>>       <https://mikewest.github.io/injection-mitigated/> for interesting
>>       APIs? (@mikewest)
>>       - (~10m) What's left before putting CSP into "living CR" mode?
>>    - *12:00 - 12:10*: w3c/webappsec-permissions-policy#273
>>    <https://github.com/w3c/webappsec-permissions-policy/issues/273>
>>     (@sanketj)
>>    - *12:10 - 12:30*: *Breakout pitch session*. There are a number of
>>    breakout sessions (grid
>>    <https://www.w3.org/2024/09/TPAC/breakouts.html#grid>, details
>>    <https://www.w3.org/2024/09/TPAC/breakouts.html#intro>) on 25.09.2024
>>    that are relevant to this community. Let's talk about them a bit so folks
>>    can plan accordingly.
>>
>> 26.09.2024, 9:00 - 12:30
>> <https://www.w3.org/events/meetings/5b918f03-a2a6-4b13-9391-252f61bcc09c/>
>> : 4 Concourse Level - Laguna
>> <https://www.w3.org/2024/09/TPAC/schedule.html#map>
>> <https://github.com/w3c/webappsec/blob/main/meetings/2024/2024-09-TPAC-agenda.md#26092024-900---1230-4-concourse-level---laguna>
>>
>>    - *9:00 - 9:15*: ☕ and agenda bashing.
>>    - *9:30 - 10:30*: Following up on breakout sessions, and/or topics we
>>    didn't get to on Monday
>>       - Deprecations
>>       <https://github.com/w3c/tpac2024-breakouts/issues/20>, PEPC
>>       <https://github.com/WICG/PEPC/blob/main/explainer.md>, DBSC
>>       <https://github.com/WICG/dbsc/> all seem like they might benefit
>>       from more conversation.
>>       - We can allocate time in this slot more clearly in the hallways
>>       on Wednesday.
>>    - *10:30 - 11:00*: ☕ & 🍰 @ Lanai Deck, Fifth Floor
>>    <https://www.w3.org/2024/09/TPAC/schedule.html#map>
>>    - *11:00 - 11:45*: Isolation
>>       - (~30m) Cross-Origin Isolation
>>          - Document Isolation Policy
>>          <https://wicg.github.io/document-isolation-policy/>
>>           (@camillelamy)
>>       - (~15m) Realms Initialization Control
>>       <https://github.com/WICG/Realms-Initialization-Control> (@weizman)
>>    - *11:45 - 12:20*: Cookies
>>       - (~10m) sandbox="allow-same-site-none-cookies" (@aamuley)
>>       - (~10m) Cookie Layering
>>       <https://github.com/httpwg/http-extensions/issues/2084> /
>>       RFC6265tre
>>       <https://johannhof.github.io/draft-annevk-johannhof-httpbis-cookies/draft-annevk-johannhof-httpbis-cookies.html> (@johannhof,
>>       @annevk)
>>       - (~10m) CHIPS <https://github.com/privacycg/CHIPS> (@johnwilander,
>>       @dcthetall)
>>    - *12:20 - 12:30*: Next steps, followup.
>>
>>
Received on Monday, 23 September 2024 19:46:01 UTC