RFC 7486

HTTP Origin-Bound Authentication (HOBA), March 2015

Canonical URL:
https://www.rfc-editor.org/rfc/rfc7486.txt
File formats:
Plain TextPDF
Status:
EXPERIMENTAL
Authors:
S. Farrell
P. Hoffman
M. Thomas
Stream:
IETF
Source:
httpauth (sec)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC7486

Discuss this RFC: Send questions or comments to http-auth@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

HTTP Origin-Bound Authentication (HOBA) is a digital-signature-based design for an HTTP authentication method. The design can also be used in JavaScript-based authentication embedded in HTML. HOBA is an alternative to HTTP authentication schemes that require passwords and therefore avoids all problems related to passwords, such as leakage of server-side password databases.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader



Search RFCs
Advanced Search
×