RFC 8292
Voluntary Application Server Identification (VAPID) for Web Push, November 2017
- File formats:
- Status:
- PROPOSED STANDARD
- Authors:
- M. Thomson
P. Beverloo - Stream:
- IETF
- Source:
- webpush (art)
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC8292
Discuss this RFC: Send questions or comments to the mailing list webpush@ietf.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 8292
Abstract
An application server can use the Voluntary Application Server Identification (VAPID) method described in this document to voluntarily identify itself to a push service. The "vapid" authentication scheme allows a client to include its identity in a signed token with requests that it makes. The signature can be used by the push service to attribute requests that are made by the same application server to a single entity. The identification information can allow the operator of a push service to contact the operator of the application server. The signature can be used to restrict the use of a push message subscription to a single application server.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.