Contact emails [email protected], [email protected]
Explainer https://github.com/lucasrsant/dbsc-sso Specification No information provided Summary The Device Bound Session Credentials for SSO feature is an enhancement to the novel DBSC protocol which prevents cross-origin device binding bypasses. It introduces new browser capabilities to generate keys for a given Relying Party that are cryptographically proven to be stored on the same device as the Identity Provider's. This way, the Identity Provider can bless a trusted key to the Relying Party, making cross-origin device binding bypasses impractical. Blink component Blink>SecurityFeature Web Feature ID Missing feature Motivation Close the existing security gap in DBSC when Single Sign-On authentication flows happen, as current protocol does not guarantee that both Identity Provider and Relying Party sessions are bound to the same device, which can lead to malware bootstrapping new RP sessions from bound IdP sessions. Initial public proposal https://github.com/WICG/proposals/issues/268 Requires code in //chrome? False Tracking bug https://crbug.com/485514814 Estimated milestones No milestones specified Link to entry on the Chrome Platform Status https://chromestatus.com/feature/6051103412191232?gate=6256700510306304 This intent message was generated by Chrome Platform Status. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/6995cf9c.2b0a0220.19817b.05cb.GAE%40google.com.
