2025-07-16 WebAppSec WG Agenda from Mike West on 2025-07-14 (public-webappsec@w3.org from July 2025)

From: Mike West <mkwst@google.com>
Date: Mon, 14 Jul 2025 09:52:27 +0200
To: Web Application Security Working Group <public-webappsec@w3.org>
Cc: Dan Veditz <dveditz@mozilla.com>, Simone Onofri <simone@w3.org>
Message-ID: <CAKXHy=frx4LTJULNzW7hGmoqYRMnhp9fUq3GDOxsyPRWwqWNrw@mail.gmail.com>

Wednesday, July 16th: 16:00 UTC
<https://www.timeanddate.com/worldclock/fixedtime.html?iso=20250716T1600>
(09:00
California, 12:00 Boston, 17:00 London, 18:00 Berlin)
Draft Agenda
<https://github.com/w3c/webappsec/blob/main/meetings/2025/2025-07-16-agenda.md#draft-agenda>

   - DBSC: browser-initiated <https://w3c.github.io/webappsec-dbsc/> vs
   server-initiated
   <https://github.com/w3ctag/design-reviews/issues/1052#issuecomment-2946681508>
flows
   (@drubery)
   - Discussing real world struggles with CSP
   <https://github.com/w3c/webappsec-csp/issues/736> (@swijckmans)
   - Discouraging permission prompts
   <https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/security/no-prompts-please.md>
    (@mharbach)
   - SameSite=Strict and cross-app navigation (@kmonsen)
   - CfCs:
      - CfC to move CSP-3 to CR < 2025-07-16 - #682
      <https://github.com/w3c/webappsec/issues/682>
      - CfC to move Fetch Metadata to CR < 2025-07-16 - #681
      <https://github.com/w3c/webappsec/issues/681>
      - CfC to move SRI-2 to CR < 2025-07-16 - #680
      <https://github.com/w3c/webappsec/issues/680>
      - CfC to move WebCrypto-2 to CR < 2025-07-16 - #679
      <https://github.com/w3c/webappsec/issues/679>
      - CfC to publish Well-Known URL for Relying Party Passkey Endpoints
      as a FPWD < 2025-07-16 - #678
      <https://github.com/w3c/webappsec/issues/678>
      - CfC to publish DBSC as a FPWD < 2025-07-12 - #677
      <https://github.com/w3c/webappsec/issues/677>
   - What does FPWD involve and how to prepare for CR?

If you would like to add an item to the agenda, please open a PR against this
document on GitHub
<https://github.com/w3c/webappsec/new/main/meetings/2025/2025-07-16-agenda.md>
.
Logistics
<https://github.com/w3c/webappsec/blob/main/meetings/2025/2025-07-16-agenda.md#logistics>

   - Minutes: https://pad.w3.org/p/WebAppSec_2025-07-16 (Use your W3C
   credentials)
   - Add these events
   <https://www.w3.org/groups/wg/webappsec/calendar#export> to your calendar
   - #webappsec on W3C's slack instance <https://w3ccommunity.slack.com/>
      - https://www.w3.org/slack-w3ccommunity-invite if you haven't already
      joined.
   - Zoom:
      - Details at
      https://auth.w3.org/?url=https://www.w3.org/groups/wg/webappsec/calendar


-mike

Received on Monday, 14 July 2025 07:52:45 UTC