Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Device Bound Session Credentials #16

Open
benjaminackerman opened this issue Jul 15, 2024 · 2 comments
Open

Device Bound Session Credentials #16

benjaminackerman opened this issue Jul 15, 2024 · 2 comments
Labels
session Breakout session proposal

Comments

@benjaminackerman
Copy link

benjaminackerman commented Jul 15, 2024

Session description

Device Bound Session Credentials (DBSC) aims to enhance protection against web session theft by using a secure session that is bound to the device between the browser and web application. This session will provide a breakdown of the general attack vector of cookie theft that it is aiming to disrupt, an overview of the proposed DBSC web standard and host an open discussion about the web standard to gather any feedback or suggestions by the community. The session also covers an addition to the standard layered on DBSC, called the DBSC(E). DBSC(E) aims to provide session protection from malware for enterprise use cases against web session theft as an opt in.

Session goal

Present the DBSC and DBSC(E) API and protocol proposed for standardization and have an open discussion about any of the various components that are of interest.

Additional session chairs (Optional)

@kmonsen, @arnar, @alextok, @sameerag

Who can attend

Anyone may attend (Default)

IRC channel (Optional)

#dbsc

Other sessions where we should avoid scheduling conflicts (Optional)

#10

Instructions for meeting planners (Optional)

No response

Agenda for the meeting.

No response

Links to calendar

Meeting materials

@tpac-breakout-bot
Copy link
Collaborator

Thank you for proposing a session!

You may update the session description as needed and at any time before the meeting, but please keep in mind that tooling relies on issue formatting: follow the instructions and leave all headings and other formatting intact in particular. Bots and W3C meeting organizers may also update the description, to fix formatting issues or add links and other relevant information. Please do not revert these changes. Feel free to use comments to raise questions.

Do not expect formal approval; W3C meeting organizers endeavor to schedule all proposed sessions that are in scope for a breakout. Actual scheduling should take place shortly before the meeting.

@sameerag
Copy link

sameerag commented Sep 9, 2024

Adding to this session: Microsoft will co-present with Google the enterprise additions to this proposal. Current explainer is in the process of an update, and will be published before TPAC. Please check for updates in the main dbsc repo.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
session Breakout session proposal
Projects
Status: No status
Development

No branches or pull requests

4 participants