|
| 1 | +# SWAG Minutes - Mon 6 October 2025 |
| 2 | + |
| 3 | +Present: Dan, Aaron, Florian, Will |
| 4 | + |
| 5 | +## Survey |
| 6 | + |
| 7 | +- Dan to look into the form |
| 8 | +- Dan: Need to update the text on the last page to say to join the SWAG CG |
| 9 | +- Dan: Should be ready to launch afterwards |
| 10 | + |
| 11 | +## Supply chain attacks article |
| 12 | + |
| 13 | +- Dan: reached out to OpenSSF, unfortunately nobody commented so far |
| 14 | +- https://github.com/mdn/content/pull/41034 |
| 15 | +- Will: need to address some comments from Florian but we can merge afterwards |
| 16 | +- Dan to leave a review |
| 17 | + |
| 18 | +## Prototype Pollution PR |
| 19 | + |
| 20 | +Florian : hope this will be ready by next week's call. |
| 21 | + |
| 22 | +## Authentication |
| 23 | + |
| 24 | +- Plan: https://docs.google.com/document/d/1miZbXVjs070J2HH0rsDxqPnUaqNtPP51Uo8d4FU6PTk/edit?tab=t.0 |
| 25 | +- New own sub tree on MDN |
| 26 | +- Dan: Do you want to talk about legcy auth? Like when web developers come across HTTP auth etc. These are still used in the wild and maybe we should say "don't use them!" |
| 27 | +- Will: That's worth talking about |
| 28 | +- Dan: Also something on the usage of SMS 2FA and how it's not great |
| 29 | +- Dan: Could be that MFA is its own topic |
| 30 | +- Will: Not sure where to put it yet, information architecture problem |
| 31 | +- Dan: *ranty* Passkeys aren't always a replacement for passwords, sometimes there are still passwords and passkeys used both as ways for authentication |
| 32 | +- Will: Passkeys are still relatively new. Same for OTP etc. Its hard to know when to recommend which. |
| 33 | +- Dan: Another risk is portability of passkeys. |
| 34 | +- Will: Not sure what the story is here for the docs |
| 35 | +- Will: Passwords are good for portability and passkeys aren't |
| 36 | +- Dan: Understanding how the form interacts with the password manager is super important. |
| 37 | +- Will: There is a great article by Hidde about this: https://hidde.blog/making-password-managers-play-ball-with-your-login-form/ |
| 38 | +- Florian: How can we involve the new WICA CG? |
| 39 | +- Dan: We can loop them in our PRs |
| 40 | +- Dan: Also they might be quite focused on the promotion of passkeys |
| 41 | +- Will: Wonder if we should give them context prior to sending them PRs, like sending them this outline. |
| 42 | +- Dan: *reaches out to Hidde* |
| 43 | +- Florian: reach out to major identiy proviers such as MS Identity, Google Identity, Octa? |
| 44 | + |
| 45 | +## Other topics |
| 46 | + |
| 47 | +- *discussion of quality of OWASP cheat sheets* |
| 48 | +- SWAG Breakout at TPAC? |
| 49 | +- https://github.com/w3c/tpac2025-breakouts |
| 50 | +- We should attend https://github.com/w3c/tpac2025-breakouts/issues/3 |
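Review bot: A few spelling slips in the added minutes are worth fixing before merge: "legcy auth" on new-file line 26, "Its hard" on line 32 (should be "It's hard"), and "identiy proviers" plus "Octa" on line 43 (presumably Okta, worth confirming with Florian). Line 20, "Florian : hope this will be ready by next week's call.", is the only entry not written as a list item and has a stray space before the colon; suggest "- Florian: hope this will be ready by next week's call." to match the other sections. The "Prototype Pollution PR" section also names a PR without linking it, unlike the supply chain section on line 14, so adding the PR URL would make the minutes easier to follow later.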