Token Binding

Token binding allows servers to cryptographically bind bearer tokens (such as cookies) to the TLS layer, to prevent attacks where an attacker exports a bearer token from the user's machine to present to a web service and impersonate the user.

Documentation

• https://docs.google.com/document/d/1Ta3GlT_LrqAOLV217Kutn3B2trvifStxB0CThQ_kk78/edit?pli=1#heading=h.e51v5eatk0f3

Specification

Working draft or equivalent

Status in Chromium

Behind a flag (launch bug)

Consensus & Standardization

• Firefox: No public signals
• Edge: No public signals
• Safari: No public signals
• Web Developers: No signals

Owners

• nharper@chromium.org
• awhalley@chromium.org

Last updated on 2016-03-21