Search RFCs

RFC Editor

File formats:

Status:

EXPERIMENTAL

Authors:

S. Farrell
P. Hoffman
M. Thomas

Stream:

IETF

Source:

httpauth (sec)

Cite this RFC:TXT  | XML  |  BibTeX

DOI:  https://doi.org/10.17487/RFC7486

Discuss this RFC: Send questions or comments to the mailing listietf-http-wg@w3.org

Other actions:Submit Errata  | Find IPR Disclosures from the IETF  | View History of RFC 7486

Abstract

HTTP Origin-Bound Authentication (HOBA) is a digital-signature-baseddesign for an HTTP authentication method. The design can also beused in JavaScript-based authentication embedded in HTML. HOBA is analternative to HTTP authentication schemes that require passwords andtherefore avoids all problems related to passwords, such as leakageof server-side password databases.

For the definition ofStatus,seeRFC 2026.

For the definition ofStream, seeRFC 8729.