From fc7ed3a9cd570d6829991f2e812dbe2bd4f64471 Mon Sep 17 00:00:00 2001
From: Levi B
Date: Wed, 11 Feb 2015 11:37:07 -0800
Subject: [PATCH] Add TLS token binding feature
---
.../ITlsTokenBindingFeature.cs | 39 +++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 src/Microsoft.AspNet.Http.Interfaces/ITlsTokenBindingFeature.cs
diff --git a/src/Microsoft.AspNet.Http.Interfaces/ITlsTokenBindingFeature.cs b/src/Microsoft.AspNet.Http.Interfaces/ITlsTokenBindingFeature.cs
new file mode 100644
index 0000000000..d9aaf0fcd5
--- /dev/null
+++ b/src/Microsoft.AspNet.Http.Interfaces/ITlsTokenBindingFeature.cs
@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.Framework.Runtime;
+
+namespace Microsoft.AspNet.Http.Interfaces
+{
+ ///
+ /// Provides information regarding TLS token binding parameters.
+ ///
+ ///
+ /// TLS token bindings help mitigate the risk of impersonation by an attacker in the
+ /// event an authenticated client's bearer tokens are somehow exfiltrated from the
+ /// client's machine. See https://datatracker.ietf.org/doc/draft-popov-token-binding/
+ /// for more information.
+ ///
+ [AssemblyNeutral]
+ public interface ITlsTokenBindingFeature
+ {
+ ///
+ /// Gets the 'provided' token binding identifier associated with the request.
+ ///
+ /// The token binding identifier, or null if the client did not
+ /// supply a 'provided' token binding or valid proof of possession of the
+ /// associated private key. The caller should treat this identifier as an
+ /// opaque blob and should not try to parse it.
+ byte[] GetProvidedTokenBindingId();
+
+ ///
+ /// Gets the 'referred' token binding identifier associated with the request.
+ ///
+ /// The token binding identifier, or null if the client did not
+ /// supply a 'referred' token binding or valid proof of possession of the
+ /// associated private key. The caller should treat this identifier as an
+ /// opaque blob and should not try to parse it.
+ byte[] GetReferredTokenBindingId();
+ }
+}
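Review bot: The return documentation on `GetProvidedTokenBindingId()` and `GetReferredTokenBindingId()` folds "no token binding supplied" and "proof of possession did not validate" into the same null result and does not say how a caller should react, which matters because the remarks describe the feature as a defence against reuse of exfiltrated bearer tokens. A caller that earlier bound a cookie or token to an identifier presumably has to treat null, or any byte-for-byte mismatch, as a failed check rather than accepting the token unbound; I would add to each returns text something like `A caller validating a previously bound token must reject it when this method returns null or a different value; compare the bytes exactly.` Because the return type is `byte[]`, the docs should also state whether each call returns a fresh copy, since an implementation that hands out a cached array would let one component's mutation change the identifier later components compare against.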