WIP, still some flexibility based on feedback and availability.
- 9:00 - 9:15: ☕ and agenda bashing.
- 9:15 - 9:45: Crypto
  - (~15m) Web Crypto (@twiss)
    - Algorithms (modernizing, post-modernizing)
    - Curve25519
    - Streaming
    - Feature Detection
- 9:45 - 10:30: Application Integrity/Transparency (@ddworken)
  - (~25m) Extensions to SRI
    - Additional content types
    - Additional assertion types (signatures, etc.)
    - `require-sri-for` (@yoavweiss)
  - (~20m) Signing / Packaging
- 10:30 - 11:00: ☕ & 🍰 @ Lanai Deck, Fifth Floor
- 11:00 - 12:00: CSP
  - (~15m) Should the threat model include exfiltration? (@yoavweiss)
  - (~20m) How can we improve adoption? (@simoneonofri, @johnwilander)
    - Docs & recommendations?
    - CSP Next?
  - (~15m) Could we require injection mitigation for interesting APIs? (@mikewest)
  - (~10m) What's left before putting CSP into "living CR" mode?
- 12:00 - 12:10: w3c/webappsec-permissions-policy#273 (@sanketj)
- 12:10 - 12:30: Breakout pitch session. There are a number of breakout sessions (grid, details) on 25.09.2024 that are relevant to this community. Let's talk about them a bit so folks can plan accordingly.
- 9:00 - 9:10: ☕ and agenda bashing.
- 9:10 - 10:10: Following up on breakout sessions, and/or topics we didn't get to on Monday
  - Deprecations, PEPC, DBSC all seem like they might benefit from more conversation.
  - We'll allocate time in this slot as part of agenda bashing above.
  - Suggestions:
    - CSP maintenance (pulling "What's left before putting CSP into 'living CR' mode?" from Monday)
    - `trusted-types-eval` discussion from WebKit/standards-positions#355 (@gregwhitworth)
    - Your suggestion goes here
- 10:10 - 10:30: Remote cryptokeys (@marcoscaceres, @estark37)
- 10:30 - 11:00: ☕ & 🍰 @ Lanai Deck, Fifth Floor
- 11:00 - 11:45: Isolation
  - (~30m) Cross-Origin Isolation
    - Document Isolation Policy (@camillelamy)
  - (~15m) Realms Initialization Control (@weizman)
- 11:45 - 12:20: Cookies
  - (~10m) `sandbox="allow-same-site-none-cookies"` (@aamuley)
  - (~5m) NOTE for standardizing cross-site cookie semantics (@dcthetall)
  - (~10m) Cookie Layering / RFC6265ter (@johannhof, @annevk)
  - (~10m) CHIPS (@johnwilander, @dcthetall)
- 12:20 - 12:30: Next steps, followup.