See also: IRC log
present=
<bhill2_> Chairs:bhill2, dveditz
<bhill2_> Agenda: https://lists.w3.org/Archives/Public/public-webappsec/2016Dec/0012.html
-> https://rawgit.com/w3c/webappsec/master/admin/webappsec-charter-2017.html Draft Charter for review
bhill2_: agenda-bashing
... short agenda, approve recharter request
... issue on redacting origins in referrer policy
mkwst: I can give an update on clear site data and embedded enforcement
<bhill2_> mkwst: can update on Clear Site Data and Embedded Enforcement
<bhill2_> https://rawgit.com/w3c/webappsec/master/admin/webappsec-charter-2017.html
<dveditz> did we change the access #? the one I memorized didn't work
wseltzer: Director approved a 3-month extension while review
bhill2_: a few comments on list
<gmaone> present maone
bhill2_: scope: note
vulnerability mitigation, security model
... I need to make PR to update meeting schedule to monthly
mkwst: mostly seems
reasonable
... should we mention github, since most of our discussion is
there?
bhill2_: I'll make that
update
... should update the workmode document on public webpage
too
mkwst: webperf is sending weekly
summary of changes via github. should we look into that?
... mailing list is helpful in reaching more people; maybe a
github summary could help reach them
bhill2_: digest would be extraordinarily useful
mkwst: look at what other groups
are doing
... webperf is using a mechanical gathering
... that's a reasonable place to start, no extra work
... agree that a human-generated summary would be even more
useful
wseltzer: W3C has mechanical digest tooling
tanvi: permissions API, authors aren't in WG
bhill2_: we talked about at
TPAC
... we should make sure they join the group
dveditz: did web platform take permissions in scope?
bhill2_: looks as though no
dveditz: better for us to take it than not be owned
bhill2_: updates to meeting
frequency; github preferred workmode for spec issues
... with that, any objections to sendig that for AC review?
[no objections]
RESOLUTION: Update draft charter and send for AC Review
bhill2_: current state, moving to CR
<bhill2_> https://github.com/w3c/webappsec-referrer-policy/pull/77#issuecomment-255429675
bhill2_: last issue open PR
77
... proposal to redact ancestor origins property according to
whether referrer
... Boris proposed [as described in issue]
... I'm happy with that solution
<estark> +1, I think boris's proposal makes sense
bhill2_: any objections to closing CfC to move Referrer Policy to CR?
mkwst: I think Jochen has
something on clarifying style sheets referrers
... it would be good for that to land
... he sent for review yesterday
... would be nice to get that patch in
PR 83
<bhill2_> https://github.com/w3c/webappsec-referrer-policy/pull/83
mkwst: fairly confident we can
get that in this week
... would be useful before move to CR
mkwest: given publication
moratorium, I suggest we can resolve to move to CR
... and update with this patch before CR publication
bhill2_: sound good. Emily?
estark: sounds good to me
RESOLUTION: Referrer Policy to CR after Jochen's patch goes in
mkwst: I had a great intern
working on Embedded Enforcement
... Malika did very complicated work of figuring out a
reasonable algorithm
... I'm now working to clean up the text
... made lots of progress, ahve an implementation in Chrome
Canary I'd like folks to play with
... Clear Site Data, also lots of work last quarter
... Chrome Beta has an implementation
... mechanism for clearing origin-related data
... we have it working for navigational requqests
... close to working on subresource requests too
... e.g.. photos team wants to clear personal photos when you
log out
... we'd like to get feedback on current spec
... would be great if folks can review
... a few syntax changes to come
... comments would be very useful.
bhill2_: I've been looking for
consumers of Embedded Enforcement
... e.g. measurement tools, pixels or iframes
mkwst: on the one hand, I'd love
EE not to be useful because you never embed untrusted
stuff
... but, folks still embed 3d party stuff
... EE requires some work from 3d parties too
... look forward to feedback to make more rapid progress in new
year
bhill2_: AOB?
... next call Jan 18
... thanks for a great year, lots of accomplishments
wseltzer: you'll see first an
"advance notice of work in progress" and then a call for AC
Review (after W3C management reviews)
... on recharter
... Thanks for all the good work!
... including CSP2 to Rec