draft-ietf-tokbind-https-12.txt   draft-ietf-tokbind-https-13.txt 
Internet Engineering Task Force A. Popov Internet Engineering Task Force A. Popov
Internet-Draft M. Nystroem Internet-Draft M. Nystroem
Intended status: Standards Track Microsoft Corp. Intended status: Standards Track Microsoft Corp.
Expires: July 11, 2018 D. Balfanz, Ed. Expires: October 14, 2018 D. Balfanz, Ed.
A. Langley A. Langley
N. Harper N. Harper
Google Inc. Google Inc.
J. Hodges J. Hodges
PayPal PayPal
January 7, 2018 April 12, 2018
Token Binding over HTTP Token Binding over HTTP
draft-ietf-tokbind-https-12 draft-ietf-tokbind-https-13
Abstract Abstract
This document describes a collection of mechanisms that allow HTTP This document describes a collection of mechanisms that allow HTTP
servers to cryptographically bind security tokens (such as cookies servers to cryptographically bind security tokens (such as cookies
and OAuth tokens) to TLS connections. and OAuth tokens) to TLS connections.
We describe both first-party and federated scenarios. In a first- We describe both first-party and federated scenarios. In a first-
party scenario, an HTTP server is able to cryptographically bind the party scenario, an HTTP server is able to cryptographically bind the
security tokens it issues to a client, and which the client security tokens it issues to a client, and which the client
skipping to change at page 2, line 7 skipping to change at page 2, line 7
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 11, 2018. This Internet-Draft will expire on October 14, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 8, line 35 skipping to change at page 8, line 35
| TC signals permission to | | | TC signals permission to | |
| reveal TBID1 to TP | | | reveal TBID1 to TP | |
|<------------------------------| | |<------------------------------| |
| | | | | |
| | | |
| Client interacts w/TP | | Client interacts w/TP |
| using TokenBindingID TBID1 and TBID2: | | using TokenBindingID TBID1 and TBID2: |
| TBMSG[[provided_token_binding, | | TBMSG[[provided_token_binding, |
| TBID2, signature], | | TBID2, signature], |
| [referred_token_binding, | | [referred_token_binding, |
| TBID1, sognature]] | | TBID1, signature]] |
|----------------------------------------------------->| |----------------------------------------------------->|
| | | |
| | | | | |
| | | | | |
5.2. Overview 5.2. Overview
In a Federated Sign-On protocol, an Identity Provider issues an In a Federated Sign-On protocol, an Identity Provider issues an
identity token to a client, which sends the identity token to a identity token to a client, which sends the identity token to a
Relying Party to authenticate itself. Examples of this include Relying Party to authenticate itself. Examples of this include
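Review bot: In the figure's last client-to-TP message, the label "using TokenBindingID TBID1 and TBID2" uses a singular noun for two IDs. Since this figure is already being touched for the "sognature" spelling fix, consider "using TokenBindingIDs TBID1 and TBID2". The label also names TBID1 first, while the TBMSG under it carries provided_token_binding (TBID2) first and referred_token_binding (TBID1) second. Matching the order in the label would make the figure easier to follow.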
skipping to change at page 22, line 9 skipping to change at page 22, line 9
Header field name: Include-Referred-Token-Binding-ID Header field name: Include-Referred-Token-Binding-ID
Applicable protocol: HTTP Applicable protocol: HTTP
Status: standard Status: standard
Author/Change controller: IETF Author/Change controller: IETF
Specification document(s): this one Specification document(s): this one
10. Acknowledgements 10. Acknowledgements
This document incorporates comments and suggestions offered by Eric This document incorporates comments and suggestions offered by Eric
Rescorla, Gabriel Montenegro, Martin Thomson, Vinod Anupam, Anthony Rescorla, Gabriel Montenegro, Martin Thomson, Vinod Anupam, Anthony
Nadalin, Michael B. Jones, Bill Cox, Nick Harper, Brian Campbell, Nadalin, Michael B. Jones, Bill Cox, Brian Campbell, and others.
and others.
This document was produced under the chairmanship of John Bradley and
Leif Johansson. The area directors included Eric Rescorla, Kathleen
Moriarty and Stephen Farrell.
11. References 11. References
11.1. Normative References 11.1. Normative References
[fetch-spec] [fetch-spec]
WhatWG, "Fetch", Living Standard , WhatWG, "Fetch", Living Standard ,
<https://fetch.spec.whatwg.org/>. <https://fetch.spec.whatwg.org/>.
[I-D.ietf-tokbind-negotiation] [I-D.ietf-tokbind-negotiation]
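Review bot: The new chairs and area directors paragraph in Section 10 writes "Kathleen Moriarty and Stephen Farrell" without a serial comma, while the paragraph directly above it uses one ("Brian Campbell, and others"); pick one style for the section. "The area directors included" also reads as a partial list, so if these three names are the complete set, "The area directors were" would be clearer. Removing Nick Harper from the list of commenters is consistent with N. Harper appearing in the author block on both sides of the diff.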
 End of changes. 6 change blocks. 
7 lines changed or deleted 10 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/