VAPID (Voluntary Application Server Identification for Web Push)

E856239

application server identification mechanism web push authentication mechanism

VAPID (Voluntary Application Server Identification for Web Push) is a mechanism that lets web push application servers identify themselves to push services using signed JSON Web Tokens, enabling authenticated and more controlled push messaging.

Try in SPARQL Jump to: Surface forms Statements Referenced by

Observed surface forms (1)

Surface form	Occurrences
VAPID	49

Statements (49)

Predicate	Object
instanceOf	application server identification mechanism ⓘ web push authentication mechanism ⓘ
abbreviationFor	Voluntary Application Server Identification for Web Push NERFINISHED ⓘ
appliesTo	Web Push protocol NERFINISHED ⓘ
benefits	better management of push traffic by push services ⓘ improved accountability of push senders ⓘ simplified authentication compared to per-subscription credentials ⓘ
category	authentication protocol ⓘ web push standard ⓘ web security mechanism ⓘ
complements	Web Push message encryption (RFC 8291) NERFINISHED ⓘ
definedIn	RFC 8292 NERFINISHED ⓘ
doesNotProvide	end-to-end content encryption ⓘ
enables	abuse detection by push services ⓘ access control by push services ⓘ contact information inclusion in push requests ⓘ rate limiting per application server ⓘ sender authentication for push messages ⓘ voluntary identification of application servers to push services ⓘ
fullName	Voluntary Application Server Identification for Web Push NERFINISHED ⓘ
headerTransport	Authorization HTTP header ⓘ Crypto-Key HTTP header ⓘ
isVoluntary	true ⓘ
keyType	EC P-256 public key ⓘ
protocolLayer	application layer ⓘ
relatedTo	HTTP Web Push protocol ⓘ JSON Web Token NERFINISHED ⓘ Public Key Infrastructure ⓘ Push API NERFINISHED ⓘ Web Push API NERFINISHED ⓘ
requires	application server key pair generation ⓘ push service support for VAPID ⓘ
scope	communication between application server and push service ⓘ
securityProperty	integrity of identification data ⓘ server authentication ⓘ
standardizedBy	Internet Engineering Task Force ⓘ surface form: IETF
tokenAudience	push service origin ⓘ
tokenClaim	audience (aud) ⓘ expiration time (exp) ⓘ subject (sub) ⓘ
tokenType	signed JWT ⓘ
usedFor	authenticating web push application servers ⓘ authorizing push message sending ⓘ controlling web push messaging ⓘ identifying web push application servers ⓘ
uses	ES256 signature algorithm ⓘ JSON Web Token NERFINISHED ⓘ elliptic curve keys ⓘ public key cryptography ⓘ

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

Push API → typicallyUsedWith → VAPID (Voluntary Application Server Identification for Web Push) ⓘ