Dbsc(e) draft #67
Dbsc(e) draft #67
Conversation
DBSCE/KeyGeneration.md
Outdated
| @@ -0,0 +1,91 @@ | |||
| ### Local key helper on Windows | |||
|
|
|||
| On Windows, a Local key helper is a COM class. A COM interface that the local key helper implements is TBD (working name for this document is ILocalKeyHelper) | |||
There was a problem hiding this comment.
is a COM class per domain? Or the same class registered for multiple domains? Could I use *.contoso.com in the example below on line 33?
DBSCE/KeyGeneration.md
Outdated
|
|
||
|  | ||
|
|
||
| When the browser needs to communicate with a local key helper. It uses its ID to locate the registry key, then reads the default value of this registry key and activates the object by the activation scheme (CLSID or ProgId according to the document). After activation it queries ILocalKeyHelper interface and invokes corresponding methods. |
There was a problem hiding this comment.
"It uses it's ID" Is this a new sentence or should this be a continuation of the one before. We have a few IDs in the doc. CLSID, ProgId, LocalKeyHelperId, API Activation ID. I'm assuming here it's a match on the LocalKeyHelperId. We can also answer the matching question here. Could we register *.login.com and have it match www.login.com, foo.login.com, or just login.com?
Co-authored-by: Tim Cappalli <[email protected]>
| - Steps 1-16 specify the key generation process for a public local key helper. The binding statement is expected to be short lived as elaborated in the [high level design](#high-level-design). | ||
| - Steps 17-29 are [DBSC](https://github.com/wicg/dbsc) with additional parameters introduced with DBSC(E). | ||
|
|
||
|  |
There was a problem hiding this comment.
maybe after conference, but I like coloring you've used in High Level design part, blue and black. IMHO, it was more readable.
|
|
||
| In DBSC(E), the use of private local key helper for specific IDPs enables the below optimizations: | ||
|
|
||
| - An IDP can specify its preferred ordered list of `HelperId`s in any response, and can request the browser to cache its preference for a specific duration (`HelperCacheTime`). The IDP which is capable of DBSC(E) can specify its `HelperIdList` in any communication(request/response) within the browser context. |
There was a problem hiding this comment.
"HelperCacheTime" is a not a specific parameter for this scenario. It also exists in High Level design.
This PR adds to the existing DBSC proposal to address enterprise cookie binding.
Pending: