kris...@chromium.org, arn...@chromium.org, chl...@chromium.org
https://github.com/kmonsen/dbsc/blob/main/README.md
None
An API that will allow websites to securely bind a session to a single device. The browser will renew the session periodically as requested by the server, with proof of possession of a private key. It will not provide tracking ability beyond what cookies provide.
Blink>SecurityFeature>DeviceBoundSessionCredentials
Reduce session theft by offering an alternative to long-lived cookie bearer tokens that allows session authentication bound to the user's device. This makes the web safer for users in that it is less likely their identity is abused, since malware is forced to act locally and thus becomes easier to detect and mitigate. At the same time, the goal is to disrupt the cookie theft ecosystem and force it to adapt to tighter operating constraints.
https://github.com/WICG/proposals/issues/106
Pending
Gecko: No signal
WebKit: No signal
Web developers: No signals
Other signals:
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
No
No
None
None
False
No milestones specified
https://chromestatus.com/feature/5140168270413824
This intent message was generated by Chrome Platform Status.