2024-09-TPAC-agenda.md

TPAC 2024 Draft Agenda

WIP, still some flexibility based on feedback and availability.

23.09.2024, 9:00 - 12:30: 2 Ballroom Level - California B

• 9:00 - 9:15: ☕ and agenda bashing.
• 9:15 - 9:45: Crypto
  • (~15m) Web Crypto (@twiss)
    • Algorithms (modernizing, post-modernizing)
    • Curve 25591
    • Streaming
    • Feature Detection
• 9:45 - 10:30: Application Integrity/Transparency (@ddworken)
  • (~25m) Extensions to SRI
    • Additional content types
    • Additional assertion types (signatures, etc))
    • require-sri-for (@yoavweiss)
  • (~20m) Signing / Packaging
• 10:30 - 11:00: ☕ & 🍰 @ Lanai Deck, Fifth Floor
• 11:00 - 12:00: CSP
  • (~15m) Should the threat model include exfiltration? (@yoavweiss)
  • (~20m) How can we improve adoption? (@simoneonofri, @johnwilander)
    • Docs & recommendations?
    • CSP Next?
  • (~15m) Could we require injection mitigation for interesting APIs? (@mikewest)
  • (~10m) What's left before putting CSP into "living CR" mode?
• 12:00 - 12:10: w3c/webappsec-permissions-policy#273 (@sanketj)
• 12:10 - 12:30: Breakout pitch session. There are a number of breakout sessions (grid, details) on 25.09.2024 that are relevant to this community. Let's talk about them a bit so folks can plan accordingly.

26.09.2024, 9:00 - 12:30: 4 Concourse Level - Laguna

• 9:00 - 9:10: ☕ and agenda bashing.
• 9:10 - 10:10: Following up on breakout sessions, and/or topics we didn't get to on Monday
  • Deprecations, PEPC, DBSC all seem like they might benefit from more conversation.
  • We'll allocate time in this slot as part of agenda bashing above.
  • Suggestions:
    • CSP maintenance (pulling "What's left before putting CSP into 'living CR' mode?" from Monday)
    • trusted-types-eval discussion from WebKit/standards-positions#355 (@gregwhitworth)
    • Your suggestion goes here
• 10:10 - 10:30: Remote cryptokeys (@marcoscaceres, @estark37)
• 10:30 - 11:00: ☕ & 🍰 @ Lanai Deck, Fifth Floor
• 11:00 - 11:45: Isolation
  • (~30m) Cross-Origin Isolation
    • Document Isolation Policy (@camillelamy)
  • (~15m) Realms Initialization Control (@weizman)
• 11:45 - 12:20: Cookies
  • (~10m) sandbox="allow-same-site-none-cookies" (@aamuley)
  • (~5m) NOTE for standardizing cross-site cookie semantics (@dcthetall)
  • (~10m) Cookie Layering / RFC6265ter (@johannhof, @annevk)
  • (~10m) CHIPS (@johnwilander, @dcthetall)
• 12:20 - 12:30: Next steps, followup.