First Public Working Draft: Device Bound Session Credentials

The Web Application Security Working Group has published a First Public Working Draft of Device Bound Session Credentials. Device Bound Sessions Credentials (DBSC) aims to prevent hijacking via cookie theft by building a protocol and infrastructure that allows a user agent to assert possession of a securely-stored private key. DBSC is a Web API and a protocol between user agents and servers to achieve this binding.