%% You should probably cite rfc7486 instead of this I-D. @techreport{ietf-httpauth-hoba-01, number = {draft-ietf-httpauth-hoba-01}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-httpauth-hoba/01/}, author = {Stephen Farrell and Paul E. Hoffman and Michael Thomas}, title = {{HTTP Origin-Bound Authentication (HOBA)}}, pagetotal = 26, year = 2013, month = jul, day = 15, abstract = {HTTP Origin-Bound Authentication (HOBA) is a design for an HTTP authentication method with credentials that are not vulnerable to phishing attacks, and that does not require a server-side password database. The design can also be used in Javascript-based authentication embedded in HTML. HOBA is an alternative to HTTP authentication schemes that require passwords with all the negative attributes that come with password-based systems.}, }