Mastodon Feed
Boosted by adam@social.lol ("Adam"):
w3c@w3c.social ("World Wide Web Consortium") wrote:
The Web Application Security Working Group has published a First Public Working Draft of Device Bound Session Credentials.
Device Bound Sessions Credentials (DBSC) aims to prevent hijacking via cookie theft by building a protocol and infrastructure that allows a user agent to assert possession of a securely-stored private key. DBSC is a Web API and a protocol between user agents and servers to achieve this binding.
https://www.w3.org/news/2025/first-public-working-draft-device-bound-session-credentials/