Closed aaronpk closed 1 year ago
Thinking out loud, would the hypothetical "SPA attestation" be possible in principle / make sense at all?
Yes, Chrome has a proposal for the "Web Integrity API", but it has received a lot of pushback:
https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md
Safari already shipped Private Access Tokens, which are similar:
tbd: "Due to the inability to securely attest to the first-partyness of a browser based application, it is NOT RECOMMENDED to use this application in a browser-based application."