Re: Agenda for 2025-02-09 from Mike West on 2025-03-10 (public-webappsec@w3.org from March 2025)

From: Mike West <mkwst@google.com>
Date: Mon, 10 Mar 2025 10:52:50 +0100
To: Web Application Security Working Group <public-webappsec@w3.org>
Cc: Dan Veditz <dveditz@mozilla.com>, Simone Onofri <simone@w3.org>, Richard Hansen <rrh@meta.com>, Ezzudin Alkotob <ezz@meta.com>, Benjamin Beurdouche <beurdouche@mozilla.com>
Message-ID: <CAKXHy=eVNUZvJ-V4b+mB6jJSuvfLu2b4AY+edWCiHDmsJ50-Tw@mail.gmail.com>

Minutes for this meeting are up at
https://github.com/w3c/webappsec/blob/main/meetings/2025/2025-02-19-minutes.md
.

We're planning the next meeting (2025-03-19) in
https://github.com/w3c/webappsec/issues/668; there's overflow from
February, and likely room for additional topics that interest y'all. Please
add your suggestions to the GitHub issue so we can solidify the agenda by
the end of the week.

-mike


On Tue, Feb 18, 2025 at 7:20 PM Benjamin Beurdouche <beurdouche@mozilla.com>
wrote:

> Hi Mike, Hi All
>
> Just a quick note to provide a link to a mini high level explainer for
> tomorrow’s discussion on
> Web Application Integrity Consistency and Transparency (WAICT)…
>
> https://github.com/beurdouche/explainers/blob/main/waict-explainer.md
>
> Richard Hansen (Meta) and Ezzudin Alkotob (Meta) who have been working on
> Web Application security
> for FB/WhatsApp/Instagram sites with CodeVerify will introduce the effort
> as I will be traveling, unfortunately.
>
> Hope you’ll like it ! : )
>
> Best,
> Benjamin
>
>
> On 14 Feb 2025, at 09:39, Mike West <mkwst@google.com> wrote:
>
> Wednesday, February 19th: 17:00 UTC
> <https://www.timeanddate.com/worldclock/fixedtime.html?iso=20250219T1700> (09:00
> California, 12:00 Boston, 17:00 London, 18:00 Berlin)
> Draft Agenda
> <https://github.com/w3c/webappsec/blob/main/meetings/2025/2025-02-19-agenda.md#draft-agenda>
>
>    - Reviving require-sri-for
>    <https://github.com/w3c/webappsec-subresource-integrity/pull/129>
>     (@yoavweiss)
>    - Web Application Integrity Consistency and Transparency (WAICT)
>    (@beurdouche)
>    - Private Local Network Access
>    <https://github.com/explainers-by-googlers/local-network-access>
>     (@christhompson)
>    - CSP: "Choose a consistent model for workers under nonce-based
>    policies <https://github.com/w3c/webappsec-csp/issues/375>" (@qabandi)
>    - Signature-based Integrity
>       - Adopt this as SRI Level 2? (@mikewest)
>       - Inline <script> Integrity
>       <https://github.com/mikewest/inline-integrity> (@mikewest)
>       - What to do with unknown parameters?
>       <https://github.com/WICG/signature-based-sri/issues/38> (@mikwest,
>       @ddworken, et al)
>
> If you would like to add an item to the agenda, please open a PR against this
> document
> <https://github.com/w3c/webappsec/new/main/meetings/2025/2025-02-19-agenda.md>
> Logistics
> <https://github.com/w3c/webappsec/blob/main/meetings/2025/2025-02-19-agenda.md#logistics>
>
>    - *Minutes*: https://pad.w3.org/p/WebAppSec_2025-02-19 (Use your W3C
>    credentials)
>    - Add these events
>    <https://www.w3.org/groups/wg/webappsec/calendar#export> to your
>    calendar
>    - *#webappsec* on W3C's slack instance
>    <https://w3ccommunity.slack.com/>
>       - https://www.w3.org/slack-w3ccommunity-invite if you haven't
>       already joined.
>    - *Zoom*:
>       - Details at
>       https://auth.w3.org/?url=https://www.w3.org/groups/wg/webappsec/calendar
>
>
> We have a lot of proposed topics, and it's unclear to me how much
> discussion we'll need for each. Apologies in advance if we don't get to one
> thing or another, and/or if we need to be a bit strict in terms of time
> allocation. :)
>
> -mike
>
>
>

Received on Monday, 10 March 2025 09:53:07 UTC