Formalizing the HTTP State Tokens proposal. from Mike West on 2019-03-28 (ietf-http-wg@w3.org from January to March 2019)

From: Mike West <mkwst@google.com>
Date: Thu, 28 Mar 2019 11:14:22 +0100
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAKXHy=d3xmsaCGYmnvDQXegMNf1j0gLbpRiLCaT1yr1r=jeueA@mail.gmail.com>

Way back in August, 2018, I started a thread [1] on a proposal to introduce
a client-controlled, origin-bound, HTTPS-only session identifier for
network-level state management [2].

I wasn't able to make it to IETF104, but I will be attending the HTTP
workshop next week. In the hopes of sparking some conversations there, I've
formalized the proposal as
https://tools.ietf.org/html/draft-west-http-state-tokens-00, clarifying
some pieces based on y'all's earlier feedback. I'm looking forward to your
feedback on, either here on the list, or at the workshop next week.

Thanks!

-mike

[1]: https://lists.w3.org/Archives/Public/ietf-http-wg/2018JulSep/0184.html
[2]: https://github.com/mikewest/http-state-tokens

Received on Thursday, 28 March 2019 10:14:59 UTC