On Fri, Feb 6, 2026, 2:04 PM Rick Byers <[email protected]> wrote:

> Very happy to see this shipping! Just a couple questions.
>
> On Fri, Feb 6, 2026 at 4:56 PM Daniel Rubery <[email protected]> wrote:
>
>> One correction here: our web platform tests are now complete.
>>
>
> Thanks! Have a wpt.fyi URL?
>
> On Friday, February 6, 2026 at 1:31:57 PM UTC-8 Chromestatus wrote:
>>
>>> *Contact emails*
>>> [email protected], [email protected], [email protected]
>>>
>>> *Explainer*
>>> https://github.com/w3c/webappsec-dbsc/blob/main/README.md
>>>
>>> *Specification*
>>> https://w3c.github.io/webappsec-dbsc
>>>
>>> *Summary*
>>> To enhance user security and combat session theft, Chrome is introducing
>>> [Device Bound Session Credentials (DBSC)](https://developer.chrome.com/docs/web-platform/device-bound-session-credentials).
>>> This feature allows websites to bind a user's session to their specific
>>> device, making it significantly harder for stolen session cookies to be
>>> used on other machines.
>>>
>>> *Blink component*
>>> Blink
>>> <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%22>
>>>
>>> *Web Feature ID*
>>> Missing feature
>>>
>>> *Motivation*
>>> Reduce session theft by offering an alternative to long-lived cookie
>>> bearer tokens, that allows session authentication that is bound to the
>>> user's device. This makes the web safer for users in that it is less likely
>>> their identity is abused, since malware is forced to act locally and thus
>>> becomes easier to detect and mitigate. At the same time the goal is to
>>> disrupt the cookie theft ecosystem and force it to adapt to new
>>> protections.
>>>
>>> *Initial public proposal*
>>> https://github.com/WICG/proposals/issues/106
>>>
>>> *TAG review*
>>> https://github.com/w3ctag/design-reviews/issues/1052
>>>
>>> *TAG review status*
>>> Pending
>>>
>>
> Please correct this to unsatisfied.
>
> I read the TAG feedback and interpret it as preferring a different
> architecture than what our customers have told us they prefer. Does that
> seem right? Or is there another reason why we disagree on the suggestion to
> prefer a lower-level design?
>

Yep. The TAG's review is effectively a prediction that the way the
architecture is tailored to our current partners makes it easier for them
to adopt, at the cost of making the system harder to adapt to future needs.

Jeffrey
