w3c/webappsec-dbsc issues and pull requests

#187 - There are three .well-known keys

Pull Request - State: closed - Opened by drubery 2 months ago

#186 - Appropriate Prefix for Server initiated header field (`Secure-` ?)

Issue - State: closed - Opened by Jxck 3 months ago - 3 comments

#185 - Mention proactive refreshes in the spec

Pull Request - State: closed - Opened by drubery 3 months ago

#184 - `Secure-` to `Sec-` in HTTP header fields

Pull Request - State: closed - Opened by Jxck 3 months ago - 2 comments

#183 - Add spec.html to .gitignore

Pull Request - State: closed - Opened by drubery 3 months ago

#182 - Change some field defaults

Pull Request - State: closed - Opened by drubery 3 months ago - 2 comments

#181 - Improve key sharing section

Pull Request - State: closed - Opened by drubery 3 months ago

#180 - Minor updates

Pull Request - State: closed - Opened by drubery 3 months ago

#179 - Describe future Login Status API integration

Pull Request - State: closed - Opened by drubery 3 months ago

#178 - iat is a number and jwk is json

Issue - State: open - Opened by bc-pi 3 months ago

#177 - JS bindings for usage of session keys

Issue - State: open - Opened by drubery 3 months ago

#176 - JS bindings for session registration

Issue - State: open - Opened by drubery 3 months ago

#175 - Detail WebAuthn alternative

Pull Request - State: closed - Opened by drubery 3 months ago

#174 - Small polish improvements

Pull Request - State: closed - Opened by drubery 3 months ago - 1 comment

#173 - Add "and return" when terminating session

Pull Request - State: closed - Opened by drubery 3 months ago

#172 - Replace "whatever_cookies_apply_to_this_request"

Pull Request - State: closed - Opened by drubery 3 months ago - 1 comment

#171 - Describe session key sharing mechanism

Pull Request - State: closed - Opened by drubery 3 months ago

#170 - Fix links to session scope and session credentials

Pull Request - State: closed - Opened by drubery 3 months ago

#169 - DBSC state should only update when cookies can be set

Pull Request - State: closed - Opened by drubery 3 months ago

#168 - Update redirect handling for DBSC requests

Pull Request - State: closed - Opened by drubery 3 months ago

#167 - Use ECDH + HS256 to sign all requests?

Issue - State: closed - Opened by reitowo 3 months ago - 7 comments

#166 - Make bikeshed warning-clean

Pull Request - State: closed - Opened by drubery 3 months ago

#165 - Rework type mismatches around origin vs URL vs host

Pull Request - State: closed - Opened by drubery 3 months ago

#164 - Only allow refresh of same session

Pull Request - State: closed - Opened by drubery 3 months ago

#163 - Specify that session store is owned by the user agent

Pull Request - State: closed - Opened by drubery 3 months ago - 1 comment

#162 - Specify timing side-channel solution

Pull Request - State: closed - Opened by drubery 3 months ago

#161 - Cherry pick bad PR management

Pull Request - State: closed - Opened by drubery 3 months ago

#160 - Remove Sec- prefixes

Pull Request - State: closed - Opened by drubery 3 months ago

#159 - Specify that session store is owned by the user agent

Pull Request - State: closed - Opened by drubery 3 months ago - 1 comment

#158 - Specify timing side-channel solution

Pull Request - State: closed - Opened by drubery 3 months ago - 1 comment

#157 - What is the purpose of storing the initial public key in Device Bound Session Credentials

Issue - State: closed - Opened by maronnjapan 3 months ago - 2 comments

#156 - Specify session scope matching more precisely

Pull Request - State: closed - Opened by drubery 3 months ago - 2 comments

#155 - DBSC refreshes are copies of original requests

Pull Request - State: closed - Opened by drubery 3 months ago

#154 - Wording clarifications

Pull Request - State: closed - Opened by drubery 3 months ago

#153 - Typo fixes

Pull Request - State: closed - Opened by drubery 3 months ago

#152 - Consider Renaming "Device Bound Session Credentials" for Clarity

Issue - State: open - Opened by kkoiwai 3 months ago - 1 comment

#151 - Update session selection mechanism

Pull Request - State: closed - Opened by drubery 3 months ago

#150 - Add thefrog@ as an editor

Pull Request - State: closed - Opened by drubery 3 months ago

#149 - Specify the credentials field of session instructions

Pull Request - State: closed - Opened by drubery 3 months ago

#148 - Failure to create DBSC session with __Host prefix cookie

Issue - State: closed - Opened by ahallsc 3 months ago - 4 comments

#147 - Adding w3cid for editors

Pull Request - State: closed - Opened by simoneonofri 3 months ago - 1 comment

#146 - Example website with DBSC

Issue - State: closed - Opened by ivan-georgiev 3 months ago - 3 comments

#145 - Infinite spinner and network service crash

Issue - State: closed - Opened by frankeld 3 months ago - 6 comments

#144 - Update to indicate that `HttpOnly` is required for CookieCraving

Pull Request - State: closed - Opened by frankeld 3 months ago - 4 comments

#143 - Do not defer requests without credentials

Pull Request - State: closed - Opened by drubery 3 months ago

#142 - Update spec.bs to origin with scheme

Pull Request - State: closed - Opened by frankeld 3 months ago - 2 comments

#141 - Use 403 instead of 401 for retries

Pull Request - State: closed - Opened by drubery 3 months ago - 2 comments

#140 - Restart requests after refresh

Pull Request - State: closed - Opened by drubery 3 months ago

#139 - Clarify input on algo-create-session

Pull Request - State: closed - Opened by drubery 3 months ago

#138 - Specify debug header behavior

Pull Request - State: closed - Opened by drubery 3 months ago

#137 - Fix key locations in example

Pull Request - State: closed - Opened by drubery 4 months ago

#136 - How is token theft prevented?

Issue - State: closed - Opened by DGuhr 4 months ago - 7 comments

#135 - Refresh URL optional?

Issue - State: closed - Opened by frankeld 4 months ago - 1 comment

#134 - How would the server know if cookies are stolen from an active session and replayed from a different browser that ignores DBSC validation?

Issue - State: closed - Opened by krkhan 4 months ago - 2 comments

#133 - Specify .well-known URL for subdomain registration

Pull Request - State: closed - Opened by drubery 4 months ago - 9 comments

#132 - Specify session refresh error handling

Pull Request - State: closed - Opened by drubery 4 months ago

#131 - Include some server-side recommendations in the spec

Pull Request - State: closed - Opened by drubery 4 months ago

#130 - Explicitly state that TPMs are not required by the protocol

Pull Request - State: closed - Opened by drubery 4 months ago

#129 - Clarify JWT format

Pull Request - State: closed - Opened by drubery 4 months ago

#128 - Attestation?

Issue - State: closed - Opened by reitowo 4 months ago - 3 comments

#127 - Update JWT type in explainer

Pull Request - State: closed - Opened by drubery 4 months ago

#126 - Give more details on BfCache integration

Pull Request - State: closed - Opened by drubery 4 months ago

#125 - Explicitly state behavior without a TPM

Pull Request - State: closed - Opened by drubery 4 months ago

#124 - How often is user consent going to be required?

Issue - State: closed - Opened by wwilk 4 months ago - 9 comments

#123 - Minor edits to spec

Pull Request - State: closed - Opened by drubery 4 months ago

#122 - Typo fix

Pull Request - State: closed - Opened by tylerjmorg 4 months ago - 1 comment

#121 - Remove currently unused defer_requests field from explainer

Pull Request - State: closed - Opened by thefrog-gh 4 months ago - 2 comments

#120 - Include Clear-Site-Data: "cookies" in explainer

Pull Request - State: closed - Opened by thefrog-gh 4 months ago

#119 - Clarify that the TPM certificate chain is not sent

Pull Request - State: closed - Opened by drubery 4 months ago

#118 - Kernel modifications compromising DBSC

Issue - State: closed - Opened by drubery 4 months ago - 1 comment

#117 - Synchronous operation and capability discovery

Issue - State: open - Opened by sbweeden 4 months ago - 4 comments

#116 - Fix origin field of glitch server

Pull Request - State: closed - Opened by drubery 5 months ago

#115 - Update contribution file with WebAppSec

Pull Request - State: closed - Opened by drubery 5 months ago - 2 comments

#114 - Flesh out spec

Pull Request - State: closed - Opened by drubery 5 months ago

#113 - Don't say the HttpOnly attribute is ignored in session config credentials

Pull Request - State: closed - Opened by thefrog-gh 5 months ago

#112 - HTTP Message Signatures

Issue - State: open - Opened by jricher 5 months ago - 6 comments

#111 - Don't say that the cookie list is allowed to be empty

Pull Request - State: closed - Opened by thefrog-gh 5 months ago - 1 comment

#110 - Clarify scope origin is an origin (not a host)

Pull Request - State: closed - Opened by thefrog-gh 5 months ago

#109 - Update explainer with privacy commitments

Pull Request - State: closed - Opened by drubery 5 months ago

#108 - DBSC Community Group & ongoing development?

Issue - State: closed - Opened by nicksteele 5 months ago - 2 comments

#107 - Is the DBSC prototype functional with Chrome on macOS?

Issue - State: closed - Opened by zmb3 5 months ago - 5 comments

#106 - StartSession requests only include cookies with `SameSite=None`

Issue - State: open - Opened by frankeld 5 months ago - 14 comments

#105 - cookies are not fundamental

Issue - State: closed - Opened by raymcdermott 5 months ago - 4 comments

#104 - Required/optional credential cookie attributes need to be defined

Issue - State: closed - Opened by sbweeden 5 months ago - 2 comments

#103 - Add a note about running "refresh" in deploy.sh instructions

Pull Request - State: closed - Opened by thefrog-gh 5 months ago - 1 comment

#102 - Add security and privacy questionnaire for DBSC

Pull Request - State: closed - Opened by drubery 5 months ago

#101 - Clarify comments in deploy.sh

Pull Request - State: closed - Opened by thefrog-gh 6 months ago

#100 - Let deploy.sh use multiple remotes

Pull Request - State: closed - Opened by drubery 6 months ago

#99 - Update spec.bs to reflect ED status

Pull Request - State: closed - Opened by simoneonofri 6 months ago

#98 - Have cookie expiry changes reflected in UI

Pull Request - State: closed - Opened by thefrog-gh 6 months ago

#97 - Update description of Secure Contexts

Pull Request - State: closed - Opened by drubery 6 months ago

#96 - Add challenges to Glitch server

Pull Request - State: closed - Opened by drubery 6 months ago

#95 - Empty commit to test IPR check

Pull Request - State: closed - Opened by drubery 6 months ago - 1 comment

#94 - Glitch server improvement

Pull Request - State: closed - Opened by drubery 6 months ago

#93 - Fix Glitch table headers

Pull Request - State: closed - Opened by drubery 6 months ago

#92 - Update self-link in spec

Pull Request - State: closed - Opened by drubery 6 months ago

#91 - Remove an extra parentheses

Pull Request - State: closed - Opened by deanyxu 6 months ago

#90 - Add note about secure contexts

Pull Request - State: closed - Opened by drubery 6 months ago

#89 - Fix a few typos in README.md

Pull Request - State: closed - Opened by thefrog-gh 6 months ago

#88 - How to trigger Refresh request from browser ?

Issue - State: open - Opened by Jxck 7 months ago - 2 comments

GitHub / w3c/webappsec-dbsc issues and pull requests