W3C

WebAppSec WG Teleconference, 18-DEC-2012

18 Dec 2012

Attendees

Present
abresee, +1.408.320.aaaa, gioma1, +1.781.362.aabb, bhill2, dhuang3, gopal, tgondrom, erlend, +1.415.832.aacc, +1.650.214.aadd, mkwst, ekr, dveditz
Regrets
Chair
bhill2, ekr
Scribe
David Huang

<bhill2> Scribe: David Huang

<bhill2> Scribenick: dhuang3

<erlend> np

<bhill2> guess we'll have to fix that in the notes later

<bhill2> http://www.w3.org/2012/12/04-webappsec-minutes.html

<bhill2> draft minutes from last teleconference

<ekr_> Having some phone glitches

<bhill2> http://lists.w3.org/Archives/Public/public-webappsec/2012Dec/0027.html

<bhill2> any new items for the agenda?

no new items for agenda

bhill2: congrats to csp 1.1 fpwd

<bhill2> http://www.w3.org/2011/webappsec/track/actions/open

<ekr_> brad, I can edit the tracker if you want to talk

bhill2: closing action 70

heavy echo, can't hear

<ekr_> that's awesome

bhill2: action 87 remains open, new mail on list today
... closing action 90, dross intends to participate
... action 92 still open, no changes yet
... action 93, removed by mike
... action 99 closed
... action 100, 87 closed
... action 103 closed, has responded
... update on cors to cr, next publication date is jan 2
... addressed some small bugs
... have some requests on CSP reporting
... any opinions?

tobias: wonder if the level of detail in reports would be concerning?

mike: line numbers of JS may avoid leaking sensitive information, don't see major security impact

<dveditz> question: which list do we use, public-web-security seems to be "official", but the WG page on w3.org still points at public-webappsec?

<dveditz> both seem active

bhill2: may address some of that by avoiding interference of extensions and csp
... and also intermediate devices

tobias: is there any overflow risk? probably not

<jeffh> dveditz: public-webappsec@w3.org is the WG list

bhill2: gioma responded on list about UI safety/security/integrity

<dveditz> jeffh: oh, I reversed it? OK, the names make more sense then

bhill2: security/safety... integrity of information or integrity of person, any objections or preference to changing name?
... slightly favor UI security over UI integrity

<jeffh> sounds fine

<bhill2> ACTION to bhill2 change short name from UI Safety to UI Security on next WD publication

<trackbot> Sorry, couldn't find to. You can review and register nicknames at <http://www.w3.org/2011/webappsec/track/users>.

bhill2: no objections changing to UI security

<bhill2> ACTION bhill2 to change short name from UI Safety to UI Security on next WD publication

<trackbot> Created ACTION-105 - Change short name from UI Safety to UI Security on next WD publication [on Brad Hill - due 2012-12-25].

<bhill2> http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2012-November/038213.html

bhill2: should wait for abarth to discuss this

<jeffh> dveditz: public-web-security@ is the list for <http://www.w3.org/Security/wiki/IG> but was the precursor list for the WebAppSec WG

bhill2: next call will be skipped

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.137
$Date: 2013-01-29 22:49:31 $

Agenda: http://lists.w3.org/Archives/Public/public-webappsec/2012Dec/0027.html
Got date from IRC log name: 18 Dec 2012
Guessing minutes URL: http://www.w3.org/2012/12/18-webappsec-minutes.html