Started from the Web Security and Privacy conference in Oakland. Take existing work and focus efforts on HTTP/Web security at the protocol level (excluding SSL, authentication). E.g., HTTP headers, content security policy potentially. Open question as to what the mix of work is between W3C and IETF.
BoF in Maastricht.
CSP has been proposed in W3C WG, some overlap; high-level division of labour is to do things directly related to HTTP in IETF, whereas W3C does policy expressions, etc.
3. W3C Web Security work
XML Security 1.1 is going well. Web Security Context WG is wrapping up.
4. IETF HYBI WG
Alexey has put out a call for updated documents by the IETF cutoff date, July 12. If the workload is too much, we might try to add a second editor for each of the drafts (requirements and protocol).