Authors are Stephen Farrell, Paul Hoffman, and Michael Thomas. Kathleen
Moriarty is the responsible Area Directory. Yoav Nir is the document
shepherd.
Summary
HTTP Origin-Bound Authentication (HOBA) is a digital signature based
design for an HTTP authentication method. The design can also be
used in Javascript-based authentication embedded in HTML. HOBA is an
alternative to HTTP authentication schemes that require passwords and
therefore avoids all problems related to passwords, such as leakage
of server-side password databases.
Review and Consensus
This document is one of the experimental documents submitted to the
HTTP-Auth working group. The proposed authentication method has been
reviewed by many participants, mostly in WGLC, resulting in a
longish list in the acknowledgements section and some substantial
changes.
With version -07 it is the consensus of the HTTP-Auth working group
that this document is fit to be published as an experimental RFC.
There are at least two implementations of the protocol in this
document ([1],[2]). They work and interoperate, but there is no
wide-spread deployment, which suggests that "experimental" is the
correct track for this document.
Intellectual Property
All authors have confirmed that they are not aware of any undisclosed
IPR associated with this document. There have been no IPR disclosures.
Other Issues
None
[1] https://hoba.ie
[2] https://github.com/razevedo/hoba-authentication