diff --git a/src/Microsoft.AspNet.Http.Interfaces/ITlsTokenBindingFeature.cs b/src/Microsoft.AspNet.Http.Interfaces/ITlsTokenBindingFeature.cs
new file mode 100644
index 0000000000..d9aaf0fcd5
--- /dev/null
+++ b/src/Microsoft.AspNet.Http.Interfaces/ITlsTokenBindingFeature.cs
@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.Framework.Runtime;
+
+namespace Microsoft.AspNet.Http.Interfaces
+{
+ ///
+ /// Provides information regarding TLS token binding parameters.
+ ///
+ ///
+ /// TLS token bindings help mitigate the risk of impersonation by an attacker in the
+ /// event an authenticated client's bearer tokens are somehow exfiltrated from the
+ /// client's machine. See https://datatracker.ietf.org/doc/draft-popov-token-binding/
+ /// for more information.
+ ///
+ [AssemblyNeutral]
+ public interface ITlsTokenBindingFeature
+ {
+ ///
+ /// Gets the 'provided' token binding identifier associated with the request.
+ ///
+ /// The token binding identifier, or null if the client did not
+ /// supply a 'provided' token binding or valid proof of possession of the
+ /// associated private key. The caller should treat this identifier as an
+ /// opaque blob and should not try to parse it.
+ byte[] GetProvidedTokenBindingId();
+
+ ///
+ /// Gets the 'referred' token binding identifier associated with the request.
+ ///
+ /// The token binding identifier, or null if the client did not
+ /// supply a 'referred' token binding or valid proof of possession of the
+ /// associated private key. The caller should treat this identifier as an
+ /// opaque blob and should not try to parse it.
+ byte[] GetReferredTokenBindingId();
+ }
+}
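Review bot: The null return documented on both `GetProvidedTokenBindingId` and `GetReferredTokenBindingId` merges two different outcomes, "no token binding was sent" and "a binding was sent but proof of possession did not validate", so a caller cannot tell absence from a failed check. Whether the server rejects a failed proof before this feature is consulted is not visible in this hunk, so the contract should tell callers to fail closed, for example by adding to the remarks: `/// When validating a token that was issued bound to an identifier, treat a null return as a mismatch and reject the request.` The docs should also say whether each call returns a fresh copy of the `byte[]`, because the array is mutable and a caller that caches or compares it could otherwise be affected by another component modifying the shared buffer.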