Update description of Secure Contexts (#97)
Co-authored-by: Daniel Rubery <drubery@chromium.org>
drubery and Daniel Rubery authored Jan 31, 2025
1 parent 5101256 commit 5586d23
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -95,7 +95,7 @@ There are a few obvious considerations to ensure we achieve that goal:
- Implementing this API should not meaningfully increase the entropy of heuristic device fingerprinting signals. (For example, it should not leak any stable TPM-based device identifier.)
- This API—which allows background "pings" to the refresh endpoint when the user is not directly active—must not enable long-term tracking of a user when they have navigated away from the connected site.
- Each session has a separate new key created, and it should not be possible to detect that different sessions are from the same device.
- This API will only be applied in Secure contexts, mandating that the exchange of key material with remote servers occurs over HTTPS.
- Registration and refresh will only be performed over a secure connection (or with localhost for testing).

### Enterprise support
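
Review bot: "a secure connection (or with localhost for testing)" in the replacement bullet is less precise than the line it replaces, which named Secure contexts and HTTPS explicitly. Suggest defining the term in the bullet itself, for example by stating that registration and refresh requests require HTTPS, and spelling out what the localhost exception covers: which hostnames or loopback addresses qualify, and whether the exception is always active or only in a testing configuration. The removed bullet also gave the reason for the restriction (key material is exchanged with remote servers only over HTTPS); keeping that clause would preserve the rationale for readers of this considerations list.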
