W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2012

Fwd: New Version Notification for draft-farrell-httpbis-hoba-00.txt

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Wed, 13 Jun 2012 16:06:58 +0100
Message-ID: <4FD8AC92.3010701@cs.tcd.ie>
To: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

FYI, another potential auth mechanism.

-------- Original Message --------
Subject: New Version Notification for draft-farrell-httpbis-hoba-00.txt
Date: Wed, 13 Jun 2012 08:00:28 -0700
From: internet-drafts@ietf.org
To: stephen.farrell@cs.tcd.ie


A new version of I-D, draft-farrell-httpbis-hoba-00.txt
has been successfully submitted by Stephen Farrell and posted to the
IETF repository.

Filename:	 draft-farrell-httpbis-hoba
Revision:	 00
Title:		 HTTP Origin-Bound Authentication (HOBA)
Creation date:	 2012-06-13
WG ID:		 Individual Submission
Number of pages: 11
URL:
http://www.ietf.org/internet-drafts/draft-farrell-httpbis-hoba-00.txt
Status:          http://datatracker.ietf.org/doc/draft-farrell-httpbis-hoba
Htmlized:        http://tools.ietf.org/html/draft-farrell-httpbis-hoba-00


Abstract:
   This memo proposes a way of using origin-bound certificates for HTTP
   authentication, called HOBA.  HOBA is an HTTP authentication method
   with credentials that are not vulnerable to simple phishing attacks,
   and that does not require a server-side password database, both major
   potential positives, if deployed.  HOBA can be integrated with
   account management and other applications running over HTTP and
   supports portability, so a user can associate more than one device or
   origin-bound certificate with the same service.  This also provides a
   mechanism to handle state-loss, if one of a user's credentials is
   lost.  HOBA also provides a logout mechanism.





The IETF Secretariat
Received on Wednesday, 13 June 2012 15:07:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 13 June 2012 15:07:38 GMT