- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Mon, 16 Apr 2018 15:16:12 -0700
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hello, WebAppSec! We'll be having our fourth scheduled teleconference of
the year on Wednesday, April 18th at 9:00 PST, 12:00 EST, 18:00 CET, etc.
Dial-in details for the webex calls are posted member-only visible here:
https://www.w3.org/2011/webappsec/webex.html
Please join us on IRC and send "present+" for role-call: #webappsec on
irc.w3.org:6665 (https://irc.w3.org/?channels=webappsec)
TOPIC: Agenda Bashing
TOPIC: Minutes Approval
https://www.w3.org/2018/03/21-webappsec-minutes.html
TOPIC: News
* Limit lifetime of cookies delivered via plaintext
* https://github.com/mikewest/cookies-over-http-bad
* https://github.com/w3ctag/design-reviews/issues/239
* Moar?
TOPIC: Passwords
* Proposal: `.well-known/modify-credentials`
*
https://lists.w3.org/Archives/Public/public-webappsec/2018Apr/0003.html
* https://mikewest.github.io/change-password/
* Exposing passwords via Credential Management API
*
https://lists.w3.org/Archives/Public/public-webappsec/2018Feb/0005.html
TOPIC: CSP
* Hashed attributes, inline attributes, and versioning
*
https://lists.w3.org/Archives/Public/public-webappsec/2018Apr/0017.html
*
https://docs.google.com/document/d/1_nYS4gWYO2Oh8rYDyPglXIKNsgCRVhmjHqWlTAHst7c/edit?usp=sharing
* `navigate-to`
* https://w3c.github.io/webappsec-csp/#directive-navigate-to
TOPIC: Cross-origin load limitations
* `From-Origin`
* https://github.com/whatwg/fetch/issues/687
* https://www.w3.org/TR/from-origin/
* `Sec-Site`
* https://github.com/whatwg/fetch/issues/700
TOPIC: `Feature-Policy` and Permissions API
Thanks, folks! See you Wednesday!
Received on Monday, 16 April 2018 22:16:48 UTC