Device Bound Session Credentials
  • Past
  • Confirmed
  • Breakout Sessions

Meeting

Event details

Date:
Pacific Daylight Time
Status:
Confirmed
Location:
4 Concourse Level - Capistrano
Participants:
Benjamin Ackerman, Joel Antoci, Paulo Avelar, Christian Biesinger, Arnar Birgisson, Aykut Bulut, Alan Buxey, Brian Campbell, Tim Cappalli, Guohui Deng, Pamela Dingle, Alessandro Distaso, Douglas Fisher, Heather Flanagan, George Fletcher, Chris Fredrickson, Sameera Gajjarapu, Sam Goto, Maxime Guerreiro, Wade Jensen, Eric Kinnear, Sue Koomen, Mirja Kühlewind, Vincent Kuntz, Sandor Major, Matthew Miller, Kristian Monsen, Koichi Moriyama, Anusha Muley, JAYADEVI NATARAJAN, Aaron Parecki, Nicolas Pena Moreno, Helen Qin, Nina Satragno, Wendy Seltzer, Nakjo Shishkov, Sameer Tare, Aleksandr Tokarev, Zacharias Törnblom, Haribalu V, David Waite
Big meeting:
TPAC 2024 (Calendar)

Device Bound Session Credentials (DBSC) aims to enhance protection against web session theft by using a secure session between the browser and the web application that is bound to the device. This session will provide a breakdown of the general cookie-theft attack vector that DBSC aims to disrupt, give an overview of the proposed DBSC web standard, and host an open discussion about the standard to gather feedback and suggestions from the community. The session also covers DBSC(E), an addition to the standard layered on DBSC. DBSC(E) is an opt-in that aims to protect sessions from malware-driven web session theft in enterprise use cases.

Agenda

Chairs:
Benjamin Ackerman, Kristian Monsen, Arnar Birgisson, Aleksandr Tokarev, Sameera Gajjarapu

Goal(s):
Present the DBSC and DBSC(E) API and protocol proposed for standardization and have an open discussion about any of the various components that are of interest.
