Closed: mikewest closed this 1 year ago
We would like to present and get feedback on DBSC. Device Bound Secure Credentials (DBSC) aims to reduce account hijacking caused by cookie theft. It does so by introducing a protocol and browser infrastructure to maintain and prove possession of a cryptographic key.
This proposal offers two important features that we believe make it easier to deploy than previous proposals. DBSC provides application-level binding and browser-initiated refreshes that can make sure devices are still bound to the original device.
There is an explainer from Microsoft in the same space, and we have invited them to share this presentation.
Thank you @kmonsen for adding us. I will be representing Microsoft and we are looking forward to the presentation. We are finalizing the explainer from our end and will update the final draft next week.
Appreciate the collaboration and the invite.
Thanks, @kmonsen and @sameerag. As things look at the moment, I think we can dedicate a good chunk of the meeting to this topic. Looking forward to the discussion.
Posted the agenda to public-webappsec@ and https://github.com/w3c/webappsec/blob/main/meetings/2023/2023-10-18-agenda.md.
Let's plan the agenda for our upcoming call on October 18th.