Formalizing the HTTP State Tokens proposal.

Way back in August, 2018, I started a thread [1] on a proposal to introduce
a client-controlled, origin-bound, HTTPS-only session identifier for
network-level state management [2].

I wasn't able to make it to IETF104, but I will be attending the HTTP
workshop next week. In the hopes of sparking some conversations there, I've
formalized the proposal as, clarifying
some pieces based on y'all's earlier feedback. I'm looking forward to your
feedback on, either here on the list, or at the workshop next week.

Received on Thursday, 28 March 2019 10:14:59 UTC