Re: Agenda for 2025-02-09 from Benjamin Beurdouche on 2025-02-18 (public-webappsec@w3.org from February 2025)

From: Benjamin Beurdouche <beurdouche@mozilla.com>
Date: Tue, 18 Feb 2025 19:20:36 +0100
To: Mike West <mkwst@google.com>
Cc: Web Application Security Working Group <public-webappsec@w3.org>, Dan Veditz <dveditz@mozilla.com>, Simone Onofri <simone@w3.org>, Richard Hansen <rrh@meta.com>, Ezzudin Alkotob <ezz@meta.com>
Message-Id: <810A543B-1B00-4724-B375-9B023AD13557@mozilla.com>

Hi Mike, Hi All

Just a quick note to provide a link to a mini high level explainer for tomorrow’s discussion on 
Web Application Integrity Consistency and Transparency (WAICT)…

https://github.com/beurdouche/explainers/blob/main/waict-explainer.md

Richard Hansen (Meta) and Ezzudin Alkotob (Meta) who have been working on Web Application security 
for FB/WhatsApp/Instagram sites with CodeVerify will introduce the effort as I will be traveling, unfortunately.

Hope you’ll like it ! : )

Best,
Benjamin


> On 14 Feb 2025, at 09:39, Mike West <mkwst@google.com> wrote:
> 
> Wednesday, February 19th: 17:00 UTC <https://www.timeanddate.com/worldclock/fixedtime.html?iso=20250219T1700> (09:00 California, 12:00 Boston, 17:00 London, 18:00 Berlin)
> 
> Draft Agenda
> 
>  <https://github.com/w3c/webappsec/blob/main/meetings/2025/2025-02-19-agenda.md#draft-agenda>
> Reviving require-sri-for <https://github.com/w3c/webappsec-subresource-integrity/pull/129> (@yoavweiss)
> Web Application Integrity Consistency and Transparency (WAICT) (@beurdouche)
> Private Local Network Access <https://github.com/explainers-by-googlers/local-network-access> (@christhompson)
> CSP: "Choose a consistent model for workers under nonce-based policies <https://github.com/w3c/webappsec-csp/issues/375>" (@qabandi)
> Signature-based Integrity
> Adopt this as SRI Level 2? (@mikewest)
> Inline <script> Integrity <https://github.com/mikewest/inline-integrity> (@mikewest)
> What to do with unknown parameters? <https://github.com/WICG/signature-based-sri/issues/38> (@mikwest, @ddworken, et al)
> If you would like to add an item to the agenda, please open a PR against this document <https://github.com/w3c/webappsec/new/main/meetings/2025/2025-02-19-agenda..md>
> Logistics
> 
>  <https://github.com/w3c/webappsec/blob/main/meetings/2025/2025-02-19-agenda.md#logistics>
> Minutes: https://pad.w3.org/p/WebAppSec_2025-02-19 (Use your W3C credentials)
> Add these events <https://www.w3.org/groups/wg/webappsec/calendar#export> to your calendar
> #webappsec on W3C's slack instance <https://w3ccommunity.slack.com/>
> https://www.w3.org/slack-w3ccommunity-invite if you haven't already joined.
> Zoom:
> Details at https://auth.w3.org/?url=https://www.w3.org/groups/wg/webappsec/calendar
> 
> We have a lot of proposed topics, and it's unclear to me how much discussion we'll need for each. Apologies in advance if we don't get to one thing or another, and/or if we need to be a bit strict in terms of time allocation. :)
> 
> -mike

Received on Tuesday, 18 February 2025 18:22:32 UTC