Last Call: <draft-ietf-tokbind-https-12.txt> (Token Binding over HTTP) to Proposed Standard


The IESG has received a request from the Token Binding WG (tokbind) to
consider the following document: - 'Token Binding over HTTP'
  <draft-ietf-tokbind-https-12.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2018-03-12. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


   This document describes a collection of mechanisms that allow HTTP
   servers to cryptographically bind security tokens (such as cookies
   and OAuth tokens) to TLS connections.

   We describe both first-party and federated scenarios.  In a first-
   party scenario, an HTTP server is able to cryptographically bind the
   security tokens it issues to a client, and which the client
   subsequently returns to the server, to the TLS connection between the
   client and server.  Such bound security tokens are protected from
   misuse since the server can generally detect if they are replayed
   inappropriately, e.g., over other TLS connections.

   Federated token bindings, on the other hand, allow servers to
   cryptographically bind security tokens to a TLS connection that the
   client has with a different server than the one issuing the token.

   This Internet-Draft is a companion document to The Token Binding
   Protocol.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-tokbind-https/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-tokbind-https/ballot/


No IPR declarations have been submitted directly on this I-D.






