Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Explain how Token Binding IDs get associated with an HTML context. #360

Closed
jyasskin opened this issue Feb 24, 2017 · 7 comments · Fixed by #1077
Closed

Explain how Token Binding IDs get associated with an HTML context. #360

jyasskin opened this issue Feb 24, 2017 · 7 comments · Fixed by #1077

Comments

@jyasskin
Copy link
Member

@jyasskin jyasskin commented Feb 24, 2017

This is probably a change for HTML or https://tools.ietf.org/html/draft-ietf-tokbind-protocol, but it's not clear to me how a Token Binding ID becomes available for an origin or Document or settings object.

@equalsJeffH
Copy link
Contributor

@equalsJeffH equalsJeffH commented Feb 27, 2017

Well, it is not a change appropriate for draft-ietf-tokbind-protocol, since that spec does not delve into user agent implementation particulars (tho it does mention this use case in section 5 2nd paragraph). We might also reference draft-ietf-tokbind-https, but it does not answer this user agent-specific question, so may not be appropriate for this spec to reference(?).

In nosing around, it seems to me that, yes, we should perhaps add something to the HTML spec, and given that an environment settings object has an HTTPS state value, perhaps we should propose adding an HTTPSProperties interface of which an attribute is the Token Binding ID (if any) for the underlying TLS connection?

@jyasskin
Copy link
Member Author

@jyasskin jyasskin commented Mar 14, 2017

Yes, collecting the Token Binding ID during https://fetch.spec.whatwg.org/#http-network-fetch and adding it to the response object and thence to the settings object sounds reasonable. I'll file a bug against Fetch and CC you. Anne may want you to write the actual change.

@jyasskin
Copy link
Member Author

@jyasskin jyasskin commented Mar 14, 2017

Ah, and whatwg/fetch#325 is already taking care of this. This issue should track integrating with that change to fetch() when it's merged.

@equalsJeffH
Copy link
Contributor

@equalsJeffH equalsJeffH commented Mar 31, 2017

@jyasskin speaks truth in #360 (comment) -- will do

@equalsJeffH equalsJeffH added this to the WD-06 milestone May 3, 2017
@equalsJeffH equalsJeffH removed this from the WD-05 milestone May 3, 2017
@nadalin nadalin added this to the CR milestone May 17, 2017
@nadalin nadalin removed this from the WD-06 milestone May 17, 2017
@nadalin nadalin removed this from the CR milestone Sep 13, 2017
@nadalin nadalin added this to the PR milestone Sep 13, 2017
@equalsJeffH
Copy link
Contributor

@equalsJeffH equalsJeffH commented Jul 27, 2018

wrt #360 (comment)
unfortunately, those aspects of whatwg/fetch#715 (formerly whatwg/fetch#325) appear to have been lost, see also: whatwg/fetch#715 (review)

@selfissued
Copy link
Contributor

@selfissued selfissued commented Sep 20, 2018

Who can take ownership of the Fetch additions and get them to complete?

@equalsJeffH
Copy link
Contributor

@equalsJeffH equalsJeffH commented Sep 20, 2018

Please see PR #1077

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment