A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : HTTP Origin-Bound Authentication (HOBA) Author(s) : Stephen Farrell Filename : draft-farrell-httpbis-hoba-00.txt Pages : 11 Date : 2012-06-13 Abstract: This memo proposes a way of using origin-bound certificates for HTTP authentication, called HOBA. HOBA is an HTTP authentication method with credentials that are not vulnerable to simple phishing attacks, and that does not require a server-side password database, both major potential positives, if deployed. HOBA can be integrated with account management and other applications running over HTTP and supports portability, so a user can associate more than one device or origin-bound certificate with the same service. This also provides a mechanism to handle state-loss, if one of a user's credentials is lost. HOBA also provides a logout mechanism. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-farrell-httpbis-hoba There's also a htmlized version available at: http://tools.ietf.org/html/draft-farrell-httpbis-hoba-00 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ I-D-Announce mailing list I-D-Announce@ietf.org https://www.ietf.org/mailman/listinfo/i-d-announce Internet-Draft directories: http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
