TPAC2011
WEB APPLICATION SECURITY
The Web Application Security WG (WebAppSec) will have a f2f meeting in Santa Clara, California, US on Monday, October 31 and Tuesday, November 1, 2011. This f2f meeting is part of the W3C's 2011 TPAC meeting - the W3C's annual Technical Plenary and All Working Group meeting week.
This page includes the agenda for this meeting. Currently, this agenda is just a very rough outline and as such, it will change. Agenda item proposals should be sent to public-webappsec@w3.org.
Meeting Logistics
- Voice Conference Bridge (only when needed) = +1.617.761.6200; PIN = 92794 ("WASWG"); see also Zakim SIP Bridge
- IRC channel = #webappsec; irc.w3.org:6665
- Date = 31 October 2011 and 1 November 2011
- Time = 09:00 - 18:00 (US West Coast time zone, UTC/GMT -7:00 hours)
- Location = Marriott Hotel; Santa Clara California US
- Meeting Room = @TBD
Meeting Registration
All attendees MUST register for this meeting. See Registration Process.
WebAppSec's registration list is available for those with a W3C Member Account.
Potential Topics
- Testing
- Joint Meetings with other WGs
- WebApps and Fonts on CORS and From-Origin
- CORS and UMP
- Proposed sandbox directive in CSP: WHATWG has dropped text/html-sandboxed
- Use case development for secure cross-origin framing
Agenda Monday, October 31
- 09:00 - 09:30 Introductions, charter reading
- 09:30 - 10:00 Tweak agenda à la an unconference style meeting
- 10:00 - 11:00 Status and Plans for CORS/UMP (ahead of joint meeting @ 11)
- 11:00 - 12:00 Joint meeting with WebFonts, WebAppSec and CSS WGs regarding CORS and From-Origin specs
- 12:00 - 13:00 Lunch
- 13:00 - 13:30 Spec status and plans; documenting expectations
- Announcement of Editors, Status and Plans for CSP
- 13:30 - 15:00 CSP Issues
- Enter existing minor issues from Brandon Sterne, =JeffH into WG tracker
- Sandbox directive
- Workers
- XSLT
- SVG
- Handling plugin content with no origin
- Policy intersection algorithm
- Behavior for user-saved content, local app-caches, etc.
- frame-src and frame navigation
- Reporting
- 15:00 - 16:00 Testing Infrastructure and Deliverable Discussion
- 16:15 - 16:45 Charter review, adjusting deliverable timelines
- 16:45 - 18:00 Finish CSP discussion
Agenda Tuesday, November 1
- 09:00 - 09:15 Tweak agenda à la an unconference style meeting
- 09:15 - 10:00 Report on IETF activity in WebSec WG (Peter Saint-Andre)
- 10:00 - 11:00 Revisit Day 1 decisions on CSP if objections from other WG members (as necessary)
- 11:00 - 12:00 Discussion with Federated Social Web XG on Crypto APIs
- 12:00 - 13:00 Lunch
- 13:00 - 14:30 Use-case and requirements for Secure Cross-Origin Framing
- 14:30 - 17:00 Straw man proposals for Secure Cross-Origin Framing