Hi there,
At IETF 92, we discussed the previously-mentioned
<https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0202.html> Token
Binding proposals, where they were officially adopted by the IETF Token
Binding WG.
One of the feedbacks we received there was that IETF I-Ds should stay
silent on new DOM APIs, and that those APIs should be developed in other
places. Currently, one of the proposed I-Ds
<http://tools.ietf.org/html/draft-balfanz-https-token-binding> mentions a
new DOM API, and I will remove that mention in the next revision.
Which then brings up the question of what to do about the DOM API, which
will no longer be mentioned in the I-D.
I was asked to gather comments and feedback from this group, and for that
purpose I wrote a doc that explains the problem and summarizes what the DOM
API would have to do:
https://docs.google.com/document/d/1x_3KI_v35NQFEsAbGGjNcyTw3Waoy1mL3YfTaQbyyuM/view?rm=minimal&pli=1
Comments/Feedback welcome, in particular comments on where this API should
be discussed/developed.
Dirk.