Skip to content

Describe session key sharing mechanism #171

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: push-mpvqoqvpkvlm
Choose a base branch
from
Open

Describe session key sharing mechanism #171

wants to merge 2 commits into from

Conversation

drubery
Copy link
Collaborator

@drubery drubery commented May 6, 2025

No description provided.

@drubery drubery requested a review from thefrog-gh May 6, 2025 23:05
thefrog-gh
thefrog-gh reviewed May 7, 2025
View reviewed changes
Copy link
Collaborator

@thefrog-gh thefrog-gh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not fully understanding this at the moment, so not marking as approved yet. Addressing some of the comments may help.

spec.bs Outdated
1. If |algorithm list| is empty, return null.
1. Let |unshared key| be a key pair created for |algorithm list|.
1. If any of |params|["provider_key"], |params|["provider_id"], or
|params|["provider_site"] exists:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want provider_site or provider_origin? We use provider_origin in the section "Secure-Session-Registration HTTP header field"

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah this is inconsistent because I went back and forth and seems like I didn't quite settle on either. I was struggling with two things:

  • How do we lookup the session given the origin and session id.
  • How do we get the well-known URL from origin.

I think we want to have that field be a URL, from which we can easily derive the site (as the registrable domain), expected origin, and well-known URL. Therefore I've renamed it "provider_url". Let me know what you think.

@drubery drubery force-pushed the push-mpvqoqvpkvlm branch from 7e1e0e8 to 21fc0ea Compare May 7, 2025 18:24
@drubery drubery force-pushed the push-qlnkysvylywl branch from 6d74d78 to 5841b9b Compare May 7, 2025 20:02
@drubery drubery mentioned this pull request May 7, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thefrog-gh thefrog-gh thefrog-gh left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@drubery @thefrog-gh