This document discusses token binding as a way to bind security tokens such as cookies more securely to client devices. It summarizes the core token binding specifications from the IETF, how token binding can be applied to single sign-on with OpenID Connect and OAuth, and the current landscape of implementations. Token binding ties a token to a client-generated public-private key pair, and the client proves possession of the private key over TLS. This can help mitigate risks from cross-site scripting and other attacks. Specifications are being developed for token binding in areas like OpenID Connect and OAuth, and implementations exist in browsers, servers, and libraries.
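
The binding check described above, as an added example that is not taken from the original document: a server issues a cookie carrying a hash of the client's Token Binding ID and refuses it on any connection bound to a different key. It assumes the TLS layer has already verified the client's proof of possession and passes the Token Binding ID to the application; `SERVER_KEY`, `issue_cookie`, `verify_cookie`, the cookie layout and the sample IDs are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

SERVER_KEY = b"constructed-demo-secret"  # constructed; stands in for the cookie-signing key

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def tb_hash(token_binding_id: bytes) -> str:
    # Store a hash of the Token Binding ID in the token, not the ID itself.
    return b64u(hashlib.sha256(token_binding_id).digest())

def _tag(body: str) -> str:
    return b64u(hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest())

def issue_cookie(user: str, token_binding_id: bytes) -> str:
    # Assumption: the TLS layer verified the client's proof of possession
    # and handed us the Token Binding ID for this connection.
    claims = {"sub": user, "tbh": tb_hash(token_binding_id)}
    body = b64u(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _tag(body)

def verify_cookie(cookie: str, token_binding_id: Optional[bytes]) -> Optional[str]:
    # Returns the user name, or None if the cookie is malformed, forged,
    # or presented on a connection bound to a different key.
    if cookie.count(".") != 1:
        return None
    body, tag = cookie.split(".")
    if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return None
    if token_binding_id is None:  # client did not negotiate token binding
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if not hmac.compare_digest(claims["tbh"].encode(), tb_hash(token_binding_id).encode()):
        return None
    return claims["sub"]

# Constructed sample Token Binding IDs (opaque bytes for this example).
CLIENT_TB_ID = b"constructed-client-public-key"
OTHER_TB_ID = b"constructed-other-public-key"

if __name__ == "__main__":
    cookie = issue_cookie("alice", CLIENT_TB_ID)
    print(verify_cookie(cookie, CLIENT_TB_ID))  # same key: accepted
    print(verify_cookie(cookie, OTHER_TB_ID))   # copied cookie, other key: rejected
```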