dru...@chromium.org, the...@chromium.org, arn...@chromium.org
https://github.com/w3c/webappsec-dbsc/blob/main/README.md
https://w3c.github.io/webappsec-dbsc
A way for websites to securely bind a session to a single device.
It will let servers have a session be securely bound to a device. The browser will renew the session periodically as requested by the server, with proof of possession of a private key.
https://github.com/w3ctag/design-reviews/issues/1052
Pending
Device Bound Session Credentials 2
DeviceBoundSessionCredentials2
https://github.com/w3c/webappsec-dbsc/blob/main/README.md
kDeviceBoundSessionRegistered
https://github.com/w3c/webappsec-dbsc/blob/main/README.md
Gecko: No signal (https://github.com/mozilla/standards-positions/issues/912)
WebKit: No signal (https://github.com/WebKit/standards-positions/issues/281)
Web developers: Positive (https://github.com/mozilla/standards-positions/issues/912#issuecomment-2204012985)
Other signals:
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
We've added new functionality for securing SSO (https://w3c.github.io/webappsec-dbsc/#federated-sessions), along with a new cross-site side channel protection (https://w3c.github.io/webappsec-dbsc/#json-session-instructions-allowed_refresh_initiators). We'd like to validate that these features meet site owner needs before shipping DBSC.
No
The initial support for TPMs is Windows-only. This feature will eventually support all platforms, as we integrate with the OS-specific key generation/usage mechanisms.
No
enable-standard-device-bound-session-credentials, enable-standard-device-bound-session-persistence, enable-standard-device-bound-session-credentials-refresh quota
DeviceBoundSessions
False
https://chromestatus.com/feature/5140168270413824?gate=5111520589643776
Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/60bae138-43ee-4525-a549-461f241e9ae5n%40chromium.org
Intent to Experiment: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/515ba278-c5fc-4ee0-8e88-21f34851778an%40chromium.org
This intent message was generated by Chrome Platform Status.
LGTM to experiment from M142 to M144.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXLL9AD6SSyUXpDcSB9m8y9nVnnNzAMTK6qmui%3DzKnM8G_5A%40mail.gmail.com.