W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2015

Update on IETF Token Binding WG / request for comments

From: Dirk Balfanz <balfanz@google.com>
Date: Thu, 26 Mar 2015 16:07:50 +0000
Message-ID: <CADHfa2AbQmwVVXF-qZPU_cxAuDEoG2+YEtwkm9vFf8td-7M6VA@mail.gmail.com>
To: public-webappsec@w3.org
Cc: Tokbind WG <unbearable@ietf.org>, Martin Thomson <mt@mozilla.com>, "wseltzer@w3.org" <wseltzer@w3.org>, Andrei Popov <Andrei.Popov@microsoft.com>
Hi there,

At IETF 92, we discussed the previously-mentioned
<https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0202.html> Token
Binding proposals, where they were officially adopted by the IETF Token
Binding WG.

One of the feedbacks we received there was that IETF I-Ds should stay
silent on new DOM APIs, and that those APIs should be developed in other
places. Currently, one of the proposed I-Ds
<http://tools.ietf.org/html/draft-balfanz-https-token-binding> mentions a
new DOM API, and I will remove that mention in the next revision.

Which then brings up the question of what to do about the DOM API, which
will no longer be mentioned in the I-D.

I was asked to gather comments and feedback from this group, and for that
purpose I wrote a doc that explains the problem and summarizes what the DOM
API would have to do:

https://docs.google.com/document/d/1x_3KI_v35NQFEsAbGGjNcyTw3Waoy1mL3YfTaQbyyuM/view?rm=minimal&pli=1

Comments/Feedback welcome, in particular comments on where this API should
be discussed/developed.

Dirk.
Received on Thursday, 26 March 2015 16:08:23 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:11 UTC