Teleconference Agenda: 2018-05-16 from Mike West on 2018-05-15 (public-webappsec@w3.org from May 2018)

From: Mike West <mkwst@google.com>
Date: Tue, 15 May 2018 08:50:09 +0200
To: Web Application Security Working Group <public-webappsec@w3.org>
Cc: Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>
Message-ID: <CAKXHy=eh2ofSxQgZMdewADub6_TqaJm6AOxXA3XrUP_mNqQBTg@mail.gmail.com>

Hello, WebAppSec!

We'll be having our fifth scheduled teleconference of the year on
Wednesday, May 16th at 9:00 PST, 12:00 EST, 18:00 CET, etc.

Dial-in details for the webex calls are posted member-only visible here:
https://www.w3.org/2011/webappsec/webex.html

Please join us on IRC and send "present+" for role-call: #webappsec on
irc.w3.org:6665 (https://irc.w3.org/?channels=webappsec)

TOPIC: Agenda Bashing

TOPIC: Minutes Approval
https://www.w3.org/2018/04/18-webappsec-minutes.html

TOPIC: News
* `SameSite` cookies shipping in Firefox 60, implemented in WebKit
<https://bugs.webkit.org/show_bug.cgi?id=159464> and in development in Edge
<https://developer.microsoft.com/en-us/microsoft-edge/platform/status/samesitecookies/?q=samesite>
.
* WebAuthn moved to CR: shipping in Firefox 60, Chrome 67, and Edge 17.
Dropbox added support.

TOPIC: CSP
* Hashed attributes, inline attributes, and versioning followup.
    *
https://lists.w3.org/Archives/Public/public-webappsec/2018Apr/0017.html
    * Explainer
<https://docs.google.com/document/d/1_nYS4gWYO2Oh8rYDyPglXIKNsgCRVhmjHqWlTAHst7c/edit>

TOPIC: Cross-origin data leakage
* Threat modeling.
* `from-origin`: https://github.com/whatwg/fetch/issues/687
* `sec-site`: https://github.com/whatwg/fetch/issues/700 / `sec-metadata`:
https://github.com/mikewest/sec-metadata

-mike

Received on Tuesday, 15 May 2018 06:50:48 UTC