Contact emails
kristi...@chromium.org, arn...@chromium.org, chl...@chromium.org

Explainer
https://github.com/kmonsen/dbsc/blob/main/README.md

Specification
None

Summary
An API that will allow websites to securely bind a session to a single device. The browser will renew the session periodically as requested by the server, with proof of possession of a private key. It will not provide tracking ability beyond what cookies provide.

Blink component
Blink>SecurityFeature>DeviceBoundSessionCredentials <https://bugs.chromium.org/p/chromium/components/detail?component=Blink%3ESecurityFeature%3EDeviceBoundSessionCredentials>

Motivation
Reduce session theft by offering an alternative to long-lived cookie bearer tokens, that allows session authentication that is bound to the user's device. This makes the web safer for users in that it is less likely their identity is abused, since malware is forced to act locally and thus becomes easier to detect and mitigate. At the same time the goal is to disrupt the cookie theft ecosystem and force it to adapt to tighter operating constraints.

Initial public proposal
https://github.com/WICG/proposals/issues/106

TAG review

TAG review status
Pending

Risks

Interoperability and Compatibility

Gecko: No signal
WebKit: No signal
Web developers: No signals
Other signals:

WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
No

Debuggability

Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
No

Flag name on chrome://flags
chrome://flags/#enable-bound-session-credentials

Finch feature name
None

Non-finch justification
None

Requires code in //chrome?
False

Estimated milestones
No milestones specified

Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5140168270413824

Links to previous Intent discussions

This intent message was generated by Chrome Platform Status <https://chromestatus.com/>.
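The renewal with proof of possession described in the Summary, sketched as an added example (not code from the explainer or from Chromium). The challenge/response shape, the names `SessionServer`, `createDeviceKey` and `proveOwnership`, and the software-generated P-256 key standing in for a device-bound key are assumptions for illustration, not the DBSC protocol.

```javascript
// Added illustration only: NOT the DBSC wire format. All names are hypothetical.
const crypto = require('node:crypto');

// Device side: the private key never leaves the device (software key used here).
function createDeviceKey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Device side: sign the server's challenge with the device-held private key.
function proveOwnership(privateKey, sessionId, challenge) {
  const msg = Buffer.concat([Buffer.from(sessionId), challenge]);
  return crypto.sign('sha256', msg, privateKey);
}

// Server side: each session is bound to the public key registered at sign-in.
class SessionServer {
  constructor(ttlMs) { this.ttlMs = ttlMs; this.sessions = new Map(); }

  register(sessionId, publicKey, now) {
    this.sessions.set(sessionId, { publicKey, challenge: null, expires: now + this.ttlMs });
  }

  // Short lifetime: a copied session identifier stops working once it expires.
  isValid(sessionId, now) {
    const s = this.sessions.get(sessionId);
    return Boolean(s) && now < s.expires;
  }

  issueChallenge(sessionId) {
    const s = this.sessions.get(sessionId);
    s.challenge = crypto.randomBytes(32);
    return s.challenge;
  }

  // Renew only when the signature covers this session's current challenge.
  renew(sessionId, signature, now) {
    const s = this.sessions.get(sessionId);
    if (!s || !s.challenge) return false;
    const msg = Buffer.concat([Buffer.from(sessionId), s.challenge]);
    s.challenge = null; // single use, so a replayed proof is rejected
    if (!crypto.verify('sha256', msg, s.publicKey, signature)) return false;
    s.expires = now + this.ttlMs;
    return true;
  }
}
```
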