- From: vanupam <notifications@github.com>
- Date: Tue, 21 Mar 2017 14:36:25 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/325/review/28245161@github.com>
vanupam commented on this pull request. > +where each <a for=/>token binding</a> consists of a +<a for=/>token binding ID</a>, a <a for=/>token binding type</a> and a cryptographic signature. + +<h4 id=federated-token-binding>Federated Token Binding</h4> + +<p>In the scenario described above, servers bind tokens to be used by user agents +with those servers. +To enable existing Web Authorization protocols to use bound credentials, +there is a need to support scenarios where bound credentials issued by one server +(e.g., an identity provider) are presented by the user agent to a different server +(e.g., a relying party). +[[TOKBIND-PROTOCOL]] and [[TOKBIND-HTTPS]] describe support for Federated Token Binding. + +<p>A <dfn export id=referred-token-binding-id>referred token binding ID</dfn> is the +<a for=/>token binding ID</a> for a server other than the server to which the <a for=/>request</a> +is being sent. Token Binding it is fully compatible with HTTP/2 connection coalescing. The Sec-Token-Binding header is built and transmitted per-request, and requests can be multiplexed over a secure pipe as usual. (If the TLS certificate allows multiple different eTLD+1 domains to be coalesced, requests to different domains will simply use different token-binding IDs when the headers are built) There are no references to HTTP/2 Coalescing in the current Fetch spec. Is there a reasonable place to add some information? (The Connections section, maybe?) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/325#discussion_r107282011
Received on Tuesday, 21 March 2017 21:37:32 UTC