HTTP Origin-Bound Authentication
RFC 7486, “HTTP Origin-Bound Authentication”, is an Experimental document published in March 2015 by S. Farrell, P. Hoffman, M. Thomas. The canonical text is published by the RFC Editor.
Abstract
HTTP Origin-Bound Authentication (HOBA) is a digital-signature-based design for an HTTP authentication method. The design can also be used in JavaScript-based authentication embedded in HTML. HOBA is an alternative to HTTP authentication schemes that require passwords and therefore avoids all problems related to passwords, such as leakage of server-side password databases.
What “Experimental” means
Describes a specification that is part of a research or development effort, published so the community can gain experience with it.
The canonical text of RFC 7486 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 7485 Inventory and Analysis of WHOIS Registration Objects
- RFC 7487 Configuration of Proactive Operations, Administration, and Maintenance Functions for MPLS-Based Transport Networks Using RSVP-TE
- RFC 7484 Finding the Authoritative Registration Data Service
- RFC 7488 Port Control Protocol Server Selection
- RFC 7483 JSON Responses for the Registration Data Access Protocol
- RFC 7489 Domain-based Message Authentication, Reporting, and Conformance
- RFC 7482 Registration Data Access Protocol Query Format
- RFC 7490 Remote Loop-Free Alternate Fast Reroute