issues
search
WICG
/
dbsc
Other
272
stars
19
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Use Outside of Google
#62
amitassaraf
opened
20 hours ago
1
Refresh session performance 2: Fresh nonce prefetching.
#61
alextok
opened
2 weeks ago
0
Refresh session performance 1: Waiting for response from the server.
#60
alextok
opened
2 weeks ago
0
`Sec-` prefix for a server header
#59
yoavweiss
opened
3 weeks ago
2
Can DBSC stop common adversary in the middle attacks?
#57
RogerAGrimes
closed
1 month ago
2
Where does the challenge value go in the Registration JWT?
#56
tblachowicz
opened
2 months ago
1
Details on Session Identifier are not clear in the Explainer
#55
tblachowicz
opened
2 months ago
0
Response headers should use consistent separators
#54
sbweeden
opened
2 months ago
0
Why send JWTs two different ways?
#53
sbweeden
opened
2 months ago
2
typos
#51
sbweeden
closed
2 months ago
1
How can we tell when there is running code available in Chrome Canary
#50
sbweeden
closed
2 weeks ago
9
Add linked description for a use case
#48
wparad
opened
2 months ago
0
JWTs are not themselves base64url encoded
#47
bc-pi
opened
2 months ago
5
A simpler flow proposal
#46
el1s7
opened
2 months ago
56
how are endpoints conveyed from server to browser?
#45
bc-pi
opened
2 months ago
13
Public key in JWT
#44
bc-pi
opened
2 months ago
4
jti/nonce/challenge value?
#43
bc-pi
opened
2 months ago
2
iat is a number
#42
bc-pi
opened
2 months ago
0
JWS algorithms are case-sensitive
#41
bc-pi
closed
2 weeks ago
14
What is the expectation of multi-site cross-site signatures?
#40
wparad
opened
2 months ago
0
[Fetch] What's stopping us from using the Fetch API configuration to support this?
#39
wparad
opened
2 months ago
0
Should this approach extend to native applications?
#38
NickBorgersOnLowSecurityNode
opened
2 months ago
2
Check/inform status of DBSC per session/site in Chrome UI
#37
GuiPoM
opened
2 months ago
4
MVP Recommendation: TOTP
#36
wparad
opened
2 months ago
9
An attack vector for DBSC:
#35
maxhata
opened
2 months ago
8
Need for attestation?
#34
jackevans43
opened
2 months ago
5
timed refresh mechanism
#33
dickhardt
opened
2 months ago
1
Login Status API?
#32
dickhardt
opened
2 months ago
1
alignment with OAuth 2 flows for 1P authorization servers
#31
dickhardt
opened
2 months ago
3
explain `excluded scope`
#30
dickhardt
opened
2 months ago
3
Reduce latency by including refresh challenge
#29
dickhardt
opened
2 months ago
1
JWT clarifications needed
#28
dickhardt
opened
2 months ago
0
Explicitly type the JWT
#27
dickhardt
opened
2 months ago
2
How do servers manage the public keys and the sessions?
#26
hdfrk
opened
2 months ago
4
IP binding with Cookies cant be enough ?
#25
threatdecoder
opened
2 months ago
2
Question RE: Tracking and Identity Providers
#24
whitehatguy
opened
2 months ago
1
Require request signing for proof-of-possession
#23
joaopenteado
opened
2 months ago
18
Really supportive of this effort!
#22
miketheitguy
opened
2 months ago
0
non-TPM devices? Android and iPhone / iOS | iPadOS TPM equivalents?
#21
anwarmahmood1
opened
2 months ago
7
Cluttering the TPM and potential denial of service ?
#20
HoLyVieR
opened
2 months ago
13
In startsession we deliver authorization artifact in two different ways
#19
alextok
opened
3 months ago
2
Update the header to sec-session-registration
#18
appsdesh
closed
3 months ago
3
Origin trial updates
#17
kmonsen
opened
3 months ago
0
Diagram mismatch
#16
alextok
closed
3 months ago
3
key_registration_header.svg is hard to read when the reader's browser is dark mode.
#15
aawc
closed
5 months ago
2
Clarification of BFCache handling
#14
simon-friedberger
opened
5 months ago
0
Insufficient rationale
#13
simon-friedberger
opened
5 months ago
13
The scheme is a little bit redundant for a redirect-based auth
#12
alextok
opened
5 months ago
13
Support of different types of tokens is not clear
#11
alextok
closed
5 months ago
5
move sequence diagram code into link in main doc for better discovera…
#10
mattjm
closed
6 months ago
0
Next