Introduction
The Device Bound Session Credentials for SSO feature is an enhancement to the novel DBSC protocol which prevents cross-origin device binding bypasses.
It introduces new browser capabilities to generate keys for a given Relying Party that are cryptographically proven to be stored on the same device as the Identity Provider's.
This way, the Identity Provider can bless a trusted key to the Relying Party, making cross-origin device binding bypasses impractical.
Feedback
I welcome feedback in this thread, but encourage you to file bugs against Device Bound Session Credentials for SSO.