HTTP Origin-Bound Authentication (HOBA)

S. Farrell; P. Hoffman; M. Thomas

RFC 7486

HTTP Origin-Bound Authentication (HOBA), March 2015

Canonical URL:: https://www.rfc-editor.org/rfc/rfc7486.txt
File formats:
Status:: EXPERIMENTAL
Authors:: S. Farrell
P. Hoffman
M. Thomas
Stream:: IETF
Source:: httpauth (sec)

Cite this RFC: TXT | XML

DOI: 10.17487/RFC7486

Discuss this RFC: Send questions or comments to http-auth@ietf.org

Other actions: Submit Errata | Find IPR Disclosures from the IETF

Abstract

HTTP Origin-Bound Authentication (HOBA) is a digital-signature-based design for an HTTP authentication method. The design can also be used in JavaScript-based authentication embedded in HTML. HOBA is an alternative to HTTP authentication schemes that require passwords and therefore avoids all problems related to passwords, such as leakage of server-side password databases.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.

Download PDF Reader

Search RFCs

RFC Editor

RFC 7486

HTTP Origin-Bound Authentication (HOBA), March 2015

Abstract