RFC 7486
HTTP Origin-Bound Authentication (HOBA), March 2015
- File formats:
- Status:
- EXPERIMENTAL
- Authors:
- S. Farrell
P. Hoffman
M. Thomas - Stream:
- IETF
- Source:
- httpauth (sec)
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC7486
Discuss this RFC: Send questions or comments to the mailing list ietf-http-wg@w3.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 7486
Abstract
HTTP Origin-Bound Authentication (HOBA) is a digital-signature-based design for an HTTP authentication method. The design can also be used in JavaScript-based authentication embedded in HTML. HOBA is an alternative to HTTP authentication schemes that require passwords and therefore avoids all problems related to passwords, such as leakage of server-side password databases.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.