TPAC2011

WEB APPLICATION SECURITY

The Web Application Security WG (WebAppSec) will have a f2f meeting in Santa Clara, California, US on Monday October 31 and Tuesday November 1, 2011. This f2f meeting is part of the W3C's 2011 TPAC meeting, the W3C's annual Technical Plenary and All Working Group meeting week.

This page includes the agenda for this meeting. Currently, this agenda is just a very rough outline and as such, it will change. Agenda item proposals should be sent to public-webappsec@w3.org.


Meeting Logistics

  • Voice Conference Bridge (only when needed) = +1.617.761.6200; PIN = 92794 ("WASWG"); see also Zakim SIP Bridge
  • IRC channel = #webappsec; irc.w3.org:6665
  • Date = 31 October 2011 and 1 November 2011
  • Time = 09:00 - 18:00 (US West Coast time zone, UTC/GMT -7:00 hours)
  • Location = Marriott Hotel; Santa Clara California US
  • Meeting Room = @TBD

Meeting Registration

All attendees MUST register for this meeting. See Registration Process.

WebAppSec's registration list is available for those with a W3C Member Account.

Potential Topics

Agenda Monday, October 31

  • 09:00 - 09:30 Introductions, charter reading
  • 09:30 - 10:00 Tweak agenda à la an unconference style meeting
  • 10:00 - 11:00 Status and Plans for CORS/UMP (ahead of joint meeting @ 11)
  • 11:00 - 12:00 Joint meeting with WebFonts, WebAppSec and CSS WGs regarding CORS and From-Origin specs
  • 12:00 - 13:00 Lunch
  • 13:00 - 13:30 Spec status and plans; documenting expectations
    • Announcement of Editors, Status and Plans for CSP
  • 13:30 - 15:00 CSP Issues
    • Enter existing minor issues from Brandon Sterne, =JeffH into WG tracker
    • Sandbox directive
    • Workers
    • XSLT
    • SVG
    • Handling plugin content with no origin
    • Policy intersection algorithm
    • Behavior for user-saved content, local app-caches, etc.
    • frame-src and frame navigation
    • Reporting
  • 15:00 - 16:00 Testing Infrastructure and Deliverable Discussion
  • 16:15 - 16:45 Charter review, adjusting deliverable timelines
  • 16:45 - 18:00 Finish CSP discussion

Agenda Tuesday, November 1

  • 09:00 - 09:15 Tweak agenda à la an unconference style meeting
  • 09:15 - 10:00 Report on IETF activity in WebSec WG (Peter Saint-Andre)
  • 10:00 - 11:00 Revisit Day 1 decisions on CSP if objections from other WG members (as necessary)
  • 11:00 - 12:00 Discussion with Federated Social Web XG on Crypto APIs
  • 12:00 - 13:00 Lunch
  • 13:00 - 14:30 Use-case and requirements for Secure Cross-Origin Framing
  • 14:30 - 17:00 Straw man proposals for Secure Cross-Origin Framing