WICG/dbsc

BikeshedNOASSERTION

Issues

Cluttering the TPM and potential denial of service ?
#20 opened 2 months ago by HoLyVieR
14
non-TPM devices? Android and iPhone / iOS | iPadOS TPM equivalents?
#21 opened 2 months ago by anwarmahmood1
8
Really supportive of this effort!
#22 opened 2 months ago by miketheitguy
1
[Fetch] What's stopping us from using the Fetch API configuration to support this?
#39 opened a year ago by wparad
1
What is the expectation of multi-site cross-site signatures?
#40 opened 2 months ago by wparad
1
jti/nonce/challenge value?
#43 opened a year ago by bc-pi
2
iat is a number
#42 opened 2 months ago by bc-pi
1
how are endpoints conveyed from server to browser?
#45 opened a year ago by bc-pi
13
A simpler flow proposal
#46 opened a year ago by el1s7
56
JWTs are not themselves base64url encoded
#47 opened 2 months ago by bc-pi
5
Details on Session Identifier are not clear in the Explainer
#55 opened 10 months ago by tblachowicz
2
`Sec-` prefix for a server header
#59 opened 9 months ago by yoavweiss
11
Where does the challenge value go in the Registration JWT?
#56 opened 10 months ago by tblachowicz
4
Refresh session performance 1: Waiting for response from the server.
#60 opened 2 months ago by alextok
2
Refresh session performance 2: Fresh nonce prefetching.
#61 opened 2 months ago by alextok
2
Use Outside of Google
#62 opened 2 months ago by amitassaraf
2
HTTP 401 MUST return a WWW-Authenticate header
#65 opened 7 months ago by danmarg
17
Support for Software Defined Authenticators and Credential Managers
#80 opened 4 months ago by nicksteele
2
CORS integration
#81 opened 3 months ago by annevk
1
Is there a timeline for when DBSC will be available on OSX and other OSs?
#64 opened 2 months ago by ahallsc
1
PoC using swtpm
#63 opened 2 months ago by theMiddleBlue
2
Unclear request method for `/securesession/refresh`
#78 opened 2 months ago by hagould
2
Should this approach extend to native applications?
#38 opened 5 months ago by NickBorgersOnLowSecurityNode
5
Check/inform status of DBSC per session/site in Chrome UI
#37 opened 5 months ago by GuiPoM
5
Why send JWTs two different ways?
#53 opened 5 months ago by sbweeden
2
البلاغ عن موقع احتيال مالي
#70 opened 5 months ago by Norah0-0
0
Public key in JWT
#44 opened 6 months ago by bc-pi
9
Use DBSC without Browser support?
#72 opened 6 months ago by longzhou
1
Response headers should use consistent separators
#54 opened 6 months ago by sbweeden
6
An attack vector for DBSC:
#35 opened a year ago by maxhata
9
JWS algorithms are case-sensitive
#41 opened 8 months ago by bc-pi
14
How can we tell when there is running code available in Chrome Canary
#50 opened 9 months ago by sbweeden
9
Can DBSC stop common adversary in the middle attacks?
#57 opened 9 months ago by RogerAGrimes
2
alignment with OAuth 2 flows for 1P authorization servers
#31 opened a year ago by dickhardt
3
Reduce latency by including refresh challenge
#29 opened a year ago by dickhardt
1
Explicitly type the JWT
#27 opened a year ago by dickhardt
2
Require request signing for proof-of-possession
#23 opened a year ago by joaopenteado
18
MVP Recommendation: TOTP
#36 opened a year ago by wparad
9
Need for attestation?
#34 opened a year ago by jackevans43
5
explain `excluded scope`
#30 opened a year ago by dickhardt
3
Login Status API?
#32 opened a year ago by dickhardt
1
timed refresh mechanism
#33 opened a year ago by dickhardt
1
How do servers manage the public keys and the sessions?
#26 opened a year ago by hdfrk
4
JWT clarifications needed
#28 opened a year ago by dickhardt
0
IP binding with Cookies cant be enough ?
#25 opened a year ago by threatdecoder
2
Question RE: Tracking and Identity Providers
#24 opened a year ago by whitehatguy
1
In startsession we deliver authorization artifact in two different ways
#19 opened a year ago by alextok
2
Diagram mismatch
#16 opened a year ago by alextok
3
Origin trial updates
#17 opened a year ago by kmonsen
0
key_registration_header.svg is hard to read when the reader's browser is dark mode.
#15 opened a year ago by aawc
2