[Bug 69815] New: Feature request: support device bound session credentials (DBSC)

bugzilla Sat, 13 Sep 2025 11:23:52 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=69815


            Bug ID: 69815
           Summary: Feature request: support device bound session
                    credentials (DBSC)
           Product: Tomcat 11
           Version: unspecified
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Authentication
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: -------

Device Bound Session Credentials (DBSC) is a w3c protocol aiming at protecting
users from cookie theft.
DBSC is not a standard yet but is already part of a Google Chrome trial.

I think it'd be interesting for Tomcat to protect session cookies with this new
protocol.

Project: https://github.com/w3c/webappsec-dbsc
Specification: https://w3c.github.io/webappsec-dbsc/
Google Chrome trial: https://developer.chrome.com/blog/dbsc-origin-trial

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 69815] New: Feature request: support device bound session credentials (DBSC)

Reply via email to