A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Token Binding Working Group of the IETF.
Title : Token Binding over HTTP
Authors : Andrei Popov
Magnus Nystroem
Dirk Balfanz
Adam Langley
Filename : draft-ietf-tokbind-https-00.txt
Pages : 9
Date : 2015-03-27
Abstract:
This document describes a collection of mechanisms that allow HTTP
servers to cryptographically bind authentication tokens (such as
cookies and OAuth tokens) to a TLS [RFC5246] connection.
We describe both _first-party_ as well as _federated_ scenarios. In
a first-party scenario, an HTTP server issues a security token (such
as a cookie) to a client, and expects the client to send the security
token back to the server at a later time in order to authenticate.
Binding the token to the TLS connection between client and server
protects the security token from theft, and ensures that the security
token can only be used by the client that it was issued to.
Federated token bindings, on the other hand, allow servers to
cryptographically bind security tokens to a TLS [RFC5246] connection
that the client has with a _different_ server than the one issuing
the token.
This Internet-Draft is a companion document to The Token Binding
Protocol [TBPROTO]
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-tokbind-https/
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-tokbind-https-00
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
