WebKittens
No response
Title of the spec
Device Bound Session Credentials
URL to the spec
https://github.com/WICG/dbsc/
URL to the spec's repository
No response
Issue Tracker URL
No response
Explainer URL
No response
TAG Design Review URL
No response
Mozilla standards-positions issue URL
https://github.com/mozilla/standards-positions/issues/912
WebKit Bugzilla URL
No response
Radar URL
No response
Description
Device Bound Session Credentials (DBSC) aims to reduce account hijacking caused by cookie theft. It does so by introducing a protocol and browser infrastructure to maintain and prove possession of a cryptographic key.
DBSC also introduces a client-based refresh mechanism where the client provides periodic auth refreshes based on server directions.