Web Application Security Working Group
- Past
- Confirmed
- Group Meetings
- Past
- Confirmed
- Group Meetings
Meeting
Agenda
WIP, still some flexibility based on feedback and availability.
23.09.2024, 9:00 - 12:30: 2 Ballroom Level - California B
- 9:00 - 9:15: ☕ and agenda bashing.
-
9:15 - 9:45: Crypto
- (~15m) Web Crypto (@twiss)
- Algorithms (modernizing, post-modernizing)
- Curve 25591
- Streaming
- Feature Detection
- (~15m) Remote cryptokeys (@marcoscaceres, @estark37)
- (~15m) Web Crypto (@twiss)
-
9:45 - 10:30: Application Integrity/Transparency (@ddworken)
- (~25m) Extensions to SRI
- Additional content types
- Additional assertion types (signatures, etc))
-
require-sri-for
(@yoavweiss)
- (~20m) Signing / Packaging
- (~25m) Extensions to SRI
- 10:30 - 11:00: ☕ & 🍰 @ Lanai Deck, Fifth Floor
-
11:00 - 12:00: CSP
- (~15m) Should the threat model include exfiltration? (@yoavweiss)
- (~20m) How can we improve adoption? (@simoneonofri, @johnwilander)
- Docs & recommendations?
- CSP Next?
- (~15m) Could we require injection mitigation for interesting APIs? (@mikewest)
- (~10m) What's left before putting CSP into "living CR" mode?
- 12:00 - 12:10: https://github.com/w3c/webappsec-permissions-policy/issues/273 (@sanketj)
- 12:10 - 12:30: Breakout pitch session. There are a number of breakout sessions (grid, details) on 25.09.2024 that are relevant to this community. Let's talk about them a bit so folks can plan accordingly.
Minutes
Read minutesExport options
Personal Links
Please log in to export this event with all the information you have access to.
Public Links
The following links do not contain any sensitive information and can be shared publicly.