Use Cookies for Tokens
Use a secure session cookie (part of the HTTP spec) to store a
key for the PKIZ tokens after initial use to reduce the
size of the HTTP request and response to endpoints.
Blueprint information
- Status: Complete
- Approver: None
- Priority: Not
- Drafter: Adam Young
- Direction: Needs approval
- Assignee: Adam Young
- Definition: Obsolete
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by:
- Completed by: Adam Young
Whiteboard
(morganfainberg): As discussed on IRC and based upon other events [horizon moving away from signed cookies] this is not solving the issues.
Disagree: nothing has been decided on this, and no superior approach has been suggested. Please leave this as 'new' until we have a better approach.
(morganfainberg): This is also *not* trivial. I am prioritizing it in a way it won't hit the meeting "trivial" bp review. I still believe that this is absolutely not solving any issues. You are adding complexity and optimizing the wrong part of the exchange. The issue is less on *reuse* of a token and more on token sizes (each request being a new token). Cookies are not fixing the issues we have with our AuthZ transport.