by zacharyvoase
963 days ago
I see this as a complementary form of DPoP for first-party browser sessions. I took a lot of inspiration from DPoP, with the main novel construction being HMAC signatures over an interactively-negotiated shared secret vs. new elliptic curve signatures for every request.