Token Binding Explained
Token Binding is a proposed standard for a Transport Layer Security (TLS) extension that aims to increase TLS security by using cryptographic certificates on both ends of the TLS connection. Current practice often depends on bearer tokens,[1] which may be lost or stolen. Bearer tokens are also vulnerable to man-in-the-middle attacks or replay attacks. In contrast, bound tokens are established by a user agent that generates a private-public key pair per target server, providing the public key to the server, and thereafter proving possession of the corresponding private key on every TLS connection to the server.
Token Binding is an evolution of the Transport Layer Security Channel ID (previously known as Transport Layer Security – Origin Bound Certificates (TLS-OBC)) extension.
Industry participation is widespread with standards contributors including Microsoft,[2] Google,[3] PayPal, Ping Identity, and Yubico. Browser support remains limited, however. Only Microsoft Edge has support for token binding.[4]
IETF standards
The following group of IETF RFCs and Internet Drafts comprise a set of interrelated specifications for implementing different aspects of the Token Binding standard.
- The Token Binding Protocol Version 1.0.[5] Allows client/server applications to create long-lived, uniquely identifiable TLS bindings spanning multiple TLS sessions and connections. Applications are then enabled to cryptographically bind security tokens to the TLS layer, preventing token export and replay attacks. To protect privacy, the Token Binding identifiers are only conveyed over TLS and can be reset by the user at any time.
- Transport Layer Security (TLS) Extension for Token Binding Protocol Negotiation.[6] Extension for the negotiation of Token Binding protocol version and key parameters.
- Token Binding over HTTP.[7] A collection of mechanisms that allow HTTP servers to cryptographically bind security tokens (such as cookies and OAuth tokens) to TLS connections.
- Token Binding for Transport Layer Security (TLS) Version 1.3 Connections.[8] This companion document defines a backwards compatible way to negotiate Token Binding on TLS 1.3 connections.
- HTTPS Token Binding with TLS Terminating Reverse Proxies.[9] Defines HTTP header fields that enable a TLS terminating reverse proxy to convey information to a backend server about the validated Token Binding Message received from a client, which enables that backend server to bind, or verify the binding of, cookies and other security tokens to the client's Token Binding key. This facilitates the reverse proxy and backend server functioning together as though they are a single logical server side deployment of HTTPS Token Binding.
Related IETF draft standard:
- OAuth 2.0 Token Binding.[10] Enables OAuth 2.0 implementations to apply Token Binding to Access Tokens, Authorization Codes, Refresh Tokens, JWT Authorization Grants, and JWT Client Authentication. This cryptographically binds these tokens to a client's Token Binding key pair, possession of which is proven on the TLS connections over which the tokens are intended to be used. This use of Token Binding protects these tokens from man-in-the-middle and token export and replay attacks.
Related standards
The use of TLS Token Binding allows for more robust web authentication. Several web authentication standards developed by standards bodies outside of IETF are adopting the draft standards.
- Draft OpenID Connect Token Bound Authentication 1.0.[11] OpenID Connect (OIDC) is a simple identity layer on top of the OAuth 2.0 protocol. OIDC enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable, REST-like manner. The OIDC Token Bound Authentication specification enables OIDC implementations to apply Token Binding to the OIDC ID Token. This cryptographically binds the ID Token to the TLS connection over which the authentication occurred. This use of Token Binding protects the authentication flow from man-in-the-middle and token export and replay attacks.
- W3C Proposed Recommendation for Web Authentication: An API for accessing Public Key Credentials.[12] Web Authentication (WebAuthn), an interface for public-key authentication of users to web-based applications and services, supports Token Binding.
External links
Notes and References
- The OAuth 2.0 Authorization Framework: Bearer Token Usage. M. Jones, Microsoft . D. Hardt, Independent. IETF Tools. 2012 . Internet Engineering Task Force. 10.17487/RFC6750 . 23 August 2018.
- Web site: It's Time for Token Binding. Alex Simons. Microsoft Enterprise Mobility + Security. Microsoft. 23 August 2018. 2018-08-21.
- Web site: Google Chrome Privacy Whitepaper. Google. 23 August 2018.
- Web site: Introducing Token Binding . Microsoft . 15 January 2019 . 8 November 2016.
- The Token Binding Protocol Version 1.0 . A. Popov, Ed. . M. Nystroem . D. Balfanz . J. Hodges . IETF Tools . . 22 January 2019 . 8471.
- Transport Layer Security (TLS) Extension for Token Binding Protocol Negotiation . A. Popov, Ed. . M. Nystroem . D. Balfanz . IETF Tools . . 22 January 2019 . 8472.
- Token Binding over HTTP . A. Popov . M. Nystroem . D. Balfanz, Ed. . N. Harper . J. Hodges . IETF Tools . . 22 January 2019 . 8473.
- Harper . N. . Token Binding for Transport Layer Security (TLS) Version 1.3 Connections . . 22 January 2019 . draft-ietf-tokbind-tls13.
- HTTPS Token Binding with TLS Terminating Reverse Proxies . Campbell . B. . IETF Tools . . 22 January 2019 . draft-ietf-tokbind-ttrp.
- OAuth 2.0 Token Binding . M. . Jones . B. . Campbell . J. . Bradley . W. . Denniss . IETF Tools . . 22 January 2019 . draft-ietf-oauth-token-binding.
- Web site: OpenID Connect Token Bound Authentication. M. Jones, Microsoft. J. Bradley, Yubico. OpenID Foundation. 23 August 2018. B. Campbell, Ping Identity.
- Web site: Web Authentication: An API for accessing Public Key Credentials . Dirk Balfanz, Google . Alexei Czeskis, Google . World Wide Web Consortium . 23 August 2018 . Jeff Hodges, PayPal . J.C. Jones, Mozilla . Michael B. Jones, Microsoft . Akshay Kumar, Microsoft . Angelo Liao, Microsoft . Rolf Lindemann, Nok Nok Labs . Emil Lundberg, Yubico . Vijay Bharadwaj, Microsoft . Arnar Birgisson, Google . Hubert Le Van Gong, PayPal . Christiaan Brand, Google . Adam Langley, Google . Giridhar Mandyam, Qualcomm . Mike West, Google . Jeffrey Yasskin, Google.