Hi Aaron, I think that sounds good and I like how it solves the dependency. Let's get the OAuth for Browser-Based Apps BCP published!
/Judith

On Fri, Jun 26, 2026, 01:52 Aaron Parecki <aaron= [email protected]> wrote:

> Hi all,
>
> As you probably know, the "OAuth for Browser-Based Apps BCP" document has
> been stuck in the editor's queue for almost a year waiting on the
> publication of RFC6265bis. In the meantime, the HTTPbis working group has
> revised the recommendation in RFC6265bis that we reference, changing the
> recommendation from prefixing cookies with "__Host-" to "__Host-Http-" in a
> new document draft-ietf-httpbis-layered-cookies.
>
> Given that we want to update the recommendation to the most current, but
> also don't want to be held up until the new draft-ietf-httpbis-layered-cookies
> is published as an RFC, we were considering options to make the text
> non-normative so that we can continue with publication without waiting on
> these.
>
> How do folks feel about revising the recommendation in the Browser Apps
> BCP to the following?
>
>
>> The BFF SHOULD start the name of its cookies with a prefix indicating the
>> cookie was set via HTTP, for example by using the `__Host-Http-` prefix
>> defined in {{-draft-ietf-httpbis-layered-cookies}}
>
>
> This text is based on the definition of the __Host-Http prefix from the
> draft:
> https://www.ietf.org/archive/id/draft-ietf-httpbis-layered-cookies-02.html#section-4.1.3.4
>
>> This helps developers and server operators to know that the cookie was set
>> using a Set-Cookie header, and is limited in scope to HTTP requests.
>
>
> This removes the normative dependency on the cookies drafts and makes it
> an example instead, which would enable us to proceed with publication.
>
> Aaron
>
> _______________________________________________
> OAuth mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
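
The naming recommendation quoted above, turned into a deployment check over a BFF's Set-Cookie header values. This is an added example, not part of the thread or of either draft. The function names, finding labels and sample headers are constructed, and it assumes `__Host-Http-` cookies need the same attributes as `__Host-` cookies (Secure, Path=/, no Domain).

```javascript
// Added example: audit Set-Cookie header values emitted by a BFF.
// ASSUMPTION: "__Host-Http-" carries the "__Host-" attribute requirements
// (Secure, Path=/, no Domain); confirm against draft-ietf-httpbis-layered-cookies.
const RECOMMENDED_PREFIX = "__Host-Http-";
const OLDER_PREFIX = "__Host-";

// Split one Set-Cookie value into the cookie name and a map of its attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? "" : pair.slice(0, eq);
  const attributes = new Map();
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    // Attribute names are case-insensitive; a later duplicate overrides an earlier one.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes.set(key, i === -1 ? "" : attr.slice(i + 1).trim());
  }
  return { name, attributes };
}

// Return a list of finding labels; an empty list means the cookie passes.
function auditBffCookie(header) {
  const { name, attributes } = parseSetCookie(header);
  const findings = [];
  if (!name.startsWith(RECOMMENDED_PREFIX)) {
    // "__Host-" alone is the prefix the thread says the recommendation moved away from.
    findings.push(name.startsWith(OLDER_PREFIX) ? "older-prefix" : "no-prefix");
  }
  // A prefixed name without these attributes is not a valid host-locked cookie.
  if (!attributes.has("secure")) findings.push("missing-secure");
  if (attributes.get("path") !== "/") findings.push("path-not-root");
  if (attributes.has("domain")) findings.push("domain-present");
  return findings;
}

// Constructed sample headers, not taken from any real deployment.
const SAMPLE_HEADERS = [
  "__Host-Http-session=abc123; Secure; HttpOnly; Path=/; SameSite=Strict",
  "__Host-session=abc123; Secure; HttpOnly; Path=/",
  "session=abc123; Domain=example.com; Path=/app",
];

for (const header of SAMPLE_HEADERS) {
  const findings = auditBffCookie(header);
  console.log(findings.length ? findings.join(", ") : "ok", "<-", header);
}
```
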
