W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

New version of draft-farrell-httpbis-hoba

From: Paul Hoffman <paul.hoffman@gmail.com>
Date: Mon, 16 Jul 2012 13:49:49 -0700
Message-ID: <CAPik8yZG5NWLWEsbW9g+1ZjcXxGD3WRS3t-R3hrNotP9beN0GQ@mail.gmail.com>
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Greetings again. Stephen Farrell and I teamed up on the -01 for
draft-farrell-httpbis-hoba. It has some major changes that might
interest this WG as we decide which authentication mechanism(s) to
adopt for HTTP 2. The proposed mechanism has changed from "TLS inside
of HTTP" to a simple challenge-response with a signed response. Also,
we propose using a .well-known URL scheme for the authentication
assistance features such as sign-up and logout. We retain the basic
property that this is an alternative to using passwords.

--Paul Hoffman

A new version of I-D, draft-farrell-httpbis-hoba-01.txt
has been successfully submitted by Paul Hoffman and posted to the
IETF repository.

Filename:	 draft-farrell-httpbis-hoba
Revision:	 01
Title:		 HTTP Origin-Bound Authentication (HOBA)
Creation date:	 2012-07-16
WG ID:		 Individual Submission
Number of pages: 11
URL:
http://www.ietf.org/internet-drafts/draft-farrell-httpbis-hoba-01.txt
Status:          http://datatracker.ietf.org/doc/draft-farrell-httpbis-hoba
Htmlized:        http://tools.ietf.org/html/draft-farrell-httpbis-hoba-01
Diff:
http://tools.ietf.org/rfcdiff?url2=draft-farrell-httpbis-hoba-01

Abstract:
  HTTP Origin-Bound Authentication (HOBA) is an HTTP authentication
  method with credentials that are not vulnerable to simple phishing
  attacks, and that does not require a server-side password database.
  It is an alternative to HTTP authentication that requires passwords
  and all the negative attributes that come with password-based
  systems.  HOBA can be integrated with account management and other
  applications running over HTTP and supports portability, so a user
  can associate more than one device or origin-bound certificate with
  the same service.  HOBA has many other useful features such as a
  mechanism to handle state-loss if one of a user's credentials is lost
  and a logout mechanism.
Received on Monday, 16 July 2012 20:50:16 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 16 July 2012 20:50:22 GMT