RFC 7486
HTTP Origin-Bound Authentication (HOBA), March 2015
- Canonical URL:
- https://www.rfc-editor.org/rfc/rfc7486.txt
- File formats:
- Status:
- EXPERIMENTAL
- Authors:
- S. Farrell
P. Hoffman
M. Thomas - Stream:
- IETF
- Source:
- httpauth (sec)
DOI: 10.17487/RFC7486
Discuss this RFC: Send questions or comments to http-auth@ietf.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF
Abstract
HTTP Origin-Bound Authentication (HOBA) is a digital-signature-based design for an HTTP authentication method. The design can also be used in JavaScript-based authentication embedded in HTML. HOBA is an alternative to HTTP authentication schemes that require passwords and therefore avoids all problems related to passwords, such as leakage of server-side password databases.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 4844.