Re: [whatwg/fetch] Add support for federated token binding to fetch (#30) from sleevi on 2017-05-13 (public-webapps-github@w3.org from May 2017)

From: sleevi <notifications@github.com>
Date: Sat, 13 May 2017 01:00:23 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/30/301232746@github.com>

Token Binding's predecessors (Channel ID, Origin Bound Certs) is why Chrome
originally introduced the pooling it did.

Token Binding's design (to be at the H/2 Req/Response layer) was
particularly trying to address some of these deficiencies and make it
easier to reuse the same connection.

We have not yet modeled the privacy and security properties of referred
Token Binding into the credentialed access case to determine what reuse or
separation is needed. Since TB tries to mimic a request-oriented auth flow,
hopefully the properties are similar.


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/30#issuecomment-301232746

Received on Saturday, 13 May 2017 08:00:56 UTC