W3C

- DRAFT -

WebAppSec Teleconference, May 8, 2012

08 May 2012

Agenda

See also: IRC log

Attendees

Present
+1.650.678.aaaa, +1.866.317.aabb, +1.415.832.aacc, abarth, +1.650.386.aadd, +1.360.793.aaee, +1.425.865.aaff, +1.408.320.aagg, bhill2, dhuang3, puhley, gioma1, [Microsoft], dveditz
Regrets
Chair
bhill2, ekr
Scribe
Peleus Uhley

<scribe> Scribe: Peleus Uhley

<scribe> ScribeNick: puhley

<bhill2> zakim aadd is bhill2

<abarth> it remembered my phone number! amazing

<tanvi> i'm aadd

bhill: I haven't posted day 2 minutes yet

<scribe> ACTION: bhill to add day 2 minutes [recorded in http://www.w3.org/2012/05/08-webappsec-minutes.html#action01]

<trackbot> Sorry, couldn't find user - bhill

<scribe> ACTION: bhill2 to add day 2 minutes from face to face meeting [recorded in http://www.w3.org/2012/05/08-webappsec-minutes.html#action02]

<trackbot> Created ACTION-64 - Add day 2 minutes from face to face meeting [on Brad Hill - due 2012-05-15].

<bhill2> agenda substitution: discuss more granular origin handling behavior in 1.0 in place of content type matching in 1.1

jrossi: Should sandbox directive be included in CSP 1.0?

abarth: There is an implementation in WebKit

bhill2: It was considered for 1.1 because it did not change the header or the syntax for CSP. Therefore, it could be supported in browsers without being in the 1.0 spec.

jrossi: Microsoft would like to get it into 1.0 so that they could officially validate their implementation.
... It meets the criteria for W3C requirements of two implementations.

bhill2: This may cause confusion with regards to declaring CSP support if individual sub-features are not supported. For instance, if IE supports sandbox but does not support all of the directives and Firefox supports all of the directives but not the sandbox implementation.

<scribe> ACTION: bhill2 to put question out to the list. [recorded in http://www.w3.org/2012/05/08-webappsec-minutes.html#action03]

<trackbot> Created ACTION-65 - Put question out to the list. [on Brad Hill - due 2012-05-15].

abarth: When receiving multiple policies, the browser should combine them.
... For experimental headers, the browser vendors implementing the experimental header will determine what works best for combining the header.

tanvi: Should there be same-origin restrictions for report-uri headers?

abarth: We will not allow report-uri in meta tag but we won't restrict it for headers.

bhill2: Should we allow more granular origins than just the domain?

dveditz: It would be good to define this in 1.0 so that expectations are set correctly going forward.

<scribe> ACTION: abarth to add error handling behavior in 1.0 spec [recorded in http://www.w3.org/2012/05/08-webappsec-minutes.html#action04]

<trackbot> Created ACTION-66 - Add error handling behavior in 1.0 spec [on Adam Barth - due 2012-05-15].

<jeffh> lots of noise on some line

I am on mute right now so it isn't me.

<tanvi> someone who is typing

<gioma1> Neither me. Someone is typing.

<scribe> ACTION: abarth to add a description for how to handle content-type in CSP 1.1 - 06/30/2012 [recorded in http://www.w3.org/2012/05/08-webappsec-minutes.html#action05]

<trackbot> Created ACTION-67 - Add a description for how to handle content-type in CSP 1.1 - 06/30/2012 [on Adam Barth - due 2012-05-15].

bhill2: For clickjacking, we would pursue something similar to ClearClick. Giorgio is nominated as editor.

dhuang3 volunteers to be an additional editor.

<scribe> ACTION: dhuang3 to coordinate with Giorgi on a draft proposal - 07/2012 [recorded in http://www.w3.org/2012/05/08-webappsec-minutes.html#action06]

<trackbot> Created ACTION-68 - Coordinate with Giorgi on a draft proposal - 07/2012 [on David Huang - due 2012-05-15].

RRSAgent, make minutes

<timeless> trackbot, end meeting

Summary of Action Items

[NEW] ACTION: abarth to add a description for how to handle content-type in CSP 1.1 - 06/30/2012 [recorded in http://www.w3.org/2012/05/08-webappsec-minutes.html#action05]
[NEW] ACTION: abarth to add error handling behavior in 1.0 spec [recorded in http://www.w3.org/2012/05/08-webappsec-minutes.html#action04]
[NEW] ACTION: bhill to add day 2 minutes [recorded in http://www.w3.org/2012/05/08-webappsec-minutes.html#action01]
[NEW] ACTION: bhill2 to add day 2 minutes from face to face meeting [recorded in http://www.w3.org/2012/05/08-webappsec-minutes.html#action02]
[NEW] ACTION: bhill2 to put question out to the list. [recorded in http://www.w3.org/2012/05/08-webappsec-minutes.html#action03]
[NEW] ACTION: dhuang3 to coordinate with Giorgi on a draft proposal - 07/2012 [recorded in http://www.w3.org/2012/05/08-webappsec-minutes.html#action06]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.136 (CVS log)
$Date: 2012/05/08 22:01:21 $