- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Wed, 13 Jun 2012 16:06:58 +0100
- To: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
FYI, another potential auth mechanism. -------- Original Message -------- Subject: New Version Notification for draft-farrell-httpbis-hoba-00.txt Date: Wed, 13 Jun 2012 08:00:28 -0700 From: internet-drafts@ietf.org To: stephen.farrell@cs.tcd.ie A new version of I-D, draft-farrell-httpbis-hoba-00.txt has been successfully submitted by Stephen Farrell and posted to the IETF repository. Filename: draft-farrell-httpbis-hoba Revision: 00 Title: HTTP Origin-Bound Authentication (HOBA) Creation date: 2012-06-13 WG ID: Individual Submission Number of pages: 11 URL: http://www.ietf.org/internet-drafts/draft-farrell-httpbis-hoba-00.txt Status: http://datatracker.ietf.org/doc/draft-farrell-httpbis-hoba Htmlized: http://tools.ietf.org/html/draft-farrell-httpbis-hoba-00 Abstract: This memo proposes a way of using origin-bound certificates for HTTP authentication, called HOBA. HOBA is an HTTP authentication method with credentials that are not vulnerable to simple phishing attacks, and that does not require a server-side password database, both major potential positives, if deployed. HOBA can be integrated with account management and other applications running over HTTP and supports portability, so a user can associate more than one device or origin-bound certificate with the same service. This also provides a mechanism to handle state-loss, if one of a user's credentials is lost. HOBA also provides a logout mechanism. The IETF Secretariat
Received on Wednesday, 13 June 2012 15:07:28 UTC