RFC 7486

HTTP Origin-Bound Authentication (HOBA), March 2015

File formats:
icon for text file icon for PDF icon for HTML
Status:
EXPERIMENTAL
Authors:
S. Farrell
P. Hoffman
M. Thomas
Stream:
IETF
Source:
httpauth (sec)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC7486

Discuss this RFC: Send questions or comments to the mailing list ietf-http-wg@w3.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 7486

Abstract

HTTP Origin-Bound Authentication (HOBA) is a digital-signature-based design for an HTTP authentication method. The design can also be used in JavaScript-based authentication embedded in HTML. HOBA is an alternative to HTTP authentication schemes that require passwords and therefore avoids all problems related to passwords, such as leakage of server-side password databases.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.



Advanced Search