The IESG has received a request from the Hypertext Transfer Protocol Authentication WG (httpauth) to consider the following document: - 'HTTP Origin-Bound Authentication (HOBA)' <draft-ietf-httpauth-hoba-07.txt> as Experimental RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2014-12-24. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract HTTP Origin-Bound Authentication (HOBA) is a digital signature based design for an HTTP authentication method. The design can also be used in Javascript-based authentication embedded in HTML. HOBA is an alternative to HTTP authentication schemes that require passwords and therefore avoids all problems related to passwords, such as leakage of server-side password databases. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-httpauth-hoba/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-httpauth-hoba/ballot/ No IPR declarations have been submitted directly on this I-D.
