Planning the 2023-01-18 call.

[mikewest]

Three topics come to mind for the next WG meeting:

• @clelland wanted to talk about some things relating to Permissions Policy. Ian, was there anyone else did you want to make sure was around for this? Can you help me recall the specific topics you wanted to touch upon?

• A few proposals in the same general area of deprecations and defaults have cropped up that might be worth discussing:

  • @johnwilander floated a linked-on-or-after idea at TPAC (which he'd like to punt to the February meeting)
  • @tomvangoethem wrote up a Progressive-Security header in a SecWeb presentation last year.
  • I wrote up a Baseline header.

• @arturjanc wants to chat through "more capable CSP3 hashes" (https://github.com/w3c/webappsec-csp/issues/574)

• @johnwilander wants to talk about communication with loopback; relatedly @iVanlIsh, @johnathan79717, and @letitz could be available to talk about Chrome's progress on Private Network Access

• The /.well-known/change-password proposal is broadly implemented and seems unlikely to change. Should we start the process of pushing it to CR/PR/REC, @hober / @rmondello?

Are there other topics we should add?

/cc @dveditz @samuelweiler

[mikewest]

@mozfreddyb @johnwilander @tomvangoethem Will some subset of y'all be available on the 18th?

[tomvangoethem]

Might run a bit late but I'll be joining the call.

[mozfreddyb]

Unfortunately, that time slot is generally bad for me. I'll see if I can find an exception for this upcoming meeting.

[mikewest]

@mozfreddyb: Unfortunately, that time slot is generally bad for me. I'll see if I can find an exception for this upcoming meeting.

Should we add "Re-reevaluate the timing and cadence for this call." to the agenda? :)

@tomvangoethem: Might run a bit late but I'll be joining the call.

Great!

[mozfreddyb]

@mozfreddyb: Unfortunately, that time slot is generally bad for me. I'll see if I can find an exception for this upcoming meeting.

Should we add "Re-reevaluate the timing and cadence for this call." to the agenda? :)

Would definitely increase the likelihood of my presence. I just don't have any great insights into whether the "new" slot works better for the majority of people than our previous slot?

[arturjanc]

I'd be happy if we could chat about the "more capable CSP3 hashes" (https://github.com/w3c/webappsec-csp/issues/574) proposal at some point; OTOH it looks like we have a bunch of things on the agenda already so if we're pressed for time, we can certainly punt this to the next call.

[johnwilander]

@mozfreddyb @johnwilander @tomvangoethem Will some subset of y'all be available on the 18th?

I'm still discussing the idea internally. People have sent me a bunch of references to earlier discussions that I need to work through. A Feb meeting on this topic is better.

[johnwilander]

I would like an update on all things loopback interface. Where are other browsers on blocking/enabling/detecting/preflighting all the things?

[mikewest]

@johnwilander: I would like an update on all things loopback interface. Where are other browsers on blocking/enabling/detecting/preflighting all the things?

I poked @iVanlIsh, @johnathan79717, and @letitz. One of them should be available to chat through Chrome's progress on private network access.

@arturjanc: I'd be happy if we could chat about the "more capable CSP3 hashes" (w3c/webappsec-csp#574) proposal at some point; OTOH it looks like we have a bunch of things on the agenda already so if we're pressed for time, we can certainly punt this to the next call.

I think the conversation around some of these topics will be short, given the request to punt things to February. I think we could squeeze in something around hashes. Is there anyone in particular you think should be around for that conversation?

[hober]

When on the 18th? My calendar is pretty busy that day.

[dveditz]

9am PST, noon EST: https://www.w3.org/groups/wg/webappsec/calendar

[dveditz]

@hober we don't really need you present on the call if you can tell us whether you're happy that the spec as it exists is "done". We can use the call for CfC from others on the call.

[clelland]

@mikewest I can definitely be there. I'm just trying to page back in all of the things from last year to recall what we wanted to discuss specifically :)

[mikewest]

Drafted agenda in https://github.com/w3c/webappsec/blob/main/meetings/2023/2023-01-18-agenda.md and started https://github.com/w3c/webappsec/issues/618 for the next call.

Closing this out.