Esc

Token Binding

Definition

Token binding is a security mechanism used to enhance the protection of tokens, such as cookies or OAuth tokens, by binding them to a specific connection.

How it works

When issuing a security token to a client that supports Token Binding, a server includes the client's Token Binding ID (or its cryptographic hash) in the token. Later on, when a client presents a security token containing a Token Binding ID, the server verifies that the ID in the token matches the ID of the Token Binding established with the client. In the case of a mismatch, the server rejects the token.

Considerations

While industry participation in the standards process is widespread, browser support remains limited.
In practice, token-binding implementations are tied to Transport Security Layer (TLS).

json

References

All

Specification

The following references were used to develop the Token Binding knowledge-base article.

(Note: the consideration of references does not imply specific functionality exists in an offering.)

RFC8471: The Token Binding Protocol Version 1.0

Reference Type: Specification Organization: IETF Author: A. Popov, M. Nystroem, Microsoft Corp., D. Balfanz, Google Inc., J Hodges, Kings Mountain Systems

Source:

https://datatracker.ietf.org/doc/html/rfc8471

D3FEND^™

A knowledge graph of cybersecurity countermeasures