HTTP Origin-Bound Authentication (HOBA)
draft-ietf-httpauth-hoba-10

Revision differences

Document history

Date Rev. By Action
2015-10-14
10 (System) Notify list changed from httpauth-chairs@ietf.org, "Yoav Nir" <ynir.ietf@gmail.com> to (None)
2015-03-11
10 (System) IANA registries were updated to include RFC7486
2015-03-10
10 (System) RFC published
2015-03-06
10 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2015-03-04
10 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2015-03-03
10 (System) RFC Editor state changed to RFC-EDITOR from IANA
2015-02-04
10 (System) RFC Editor state changed to IANA from EDIT
2015-01-21
10 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2015-01-20
10 (System) IANA Action state changed to Waiting on RFC Editor from Waiting on Authors
2015-01-20
10 (System) IANA Action state changed to Waiting on Authors
2015-01-13
10 Cindy Morgan IESG state changed to RFC Ed Queue from Approved-announcement sent
2015-01-13
10 (System) RFC Editor state changed to EDIT
2015-01-13
10 (System) Announcement was received by RFC Editor
2015-01-12
10 Amy Vezza IESG state changed to Approved-announcement sent from Approved-announcement to be sent::Point Raised - writeup needed
2015-01-12
10 Amy Vezza IESG has approved the document
2015-01-12
10 Amy Vezza Closed "Approve" ballot
2015-01-12
10 Amy Vezza Ballot approval text was generated
2015-01-12
10 Amy Vezza Ballot writeup was changed
2015-01-08
10 Barry Leiba
[Ballot comment]
I have looked at the change to Section 8.2, and I think it (and the reference) is a perfect choice, and makes ...
2015-01-08
10 Barry Leiba Ballot comment text updated for Barry Leiba
2015-01-08
10 Stephen Farrell IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2015-01-08
10 Stephen Farrell New version available: draft-ietf-httpauth-hoba-10.txt
2015-01-08
09 Cindy Morgan IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from Waiting for AD Go-Ahead
2015-01-08
09 Barry Leiba
[Ballot comment]
-- Section 8.2 --

I don't think you need to say "a la LinkedIn," and I think it's a bad idea to ...
2015-01-08
09 Barry Leiba [Ballot Position Update] Position for Barry Leiba has been changed to Yes from Discuss
2015-01-08
09 Cindy Morgan Changed consensus to Yes from Unknown
2015-01-08
09 Ted Lemon [Ballot Position Update] New position, Yes, has been recorded for Ted Lemon
2015-01-08
09 Richard Barnes
[Ballot comment]
Old DISCUSS points:

(1) Cleared (I still think the architecture is bad and Stephen should feel bad, but I'm willing to let ...
2015-01-08
09 Richard Barnes [Ballot Position Update] Position for Richard Barnes has been changed to No Objection from Discuss
2015-01-08
09 Richard Barnes
[Ballot discuss]
(1) It does not seem to me that the mechanism defined in this document actually conforms to the framework for HTTP authentication.  ...
2015-01-08
09 Richard Barnes Ballot discuss text updated for Richard Barnes
2015-01-08
09 Alia Atlas [Ballot comment]
Agree with Barry
2015-01-08
09 Alia Atlas [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas
2015-01-08
09 Richard Barnes
[Ballot discuss]
(1) It does not seem to me that the mechanism defined in this document actually conforms to the framework for HTTP authentication.  ...
2015-01-08
09 Richard Barnes
[Ballot comment]
Given that the size of the header seems to be a concern (since you're not passing the key in the header), why ...
2015-01-08
09 Richard Barnes Ballot comment and discuss text updated for Richard Barnes
2015-01-07
09 Joel Jaeggli [Ballot comment]
satisfied with the rersults from david black's opsdir review.
2015-01-07
09 Joel Jaeggli [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2015-01-07
09 Richard Barnes
[Ballot discuss]
(1) It does not seem to me that the mechanism defined in this document actually conforms to the framework for HTTP authentication.  ...
2015-01-07
09 Richard Barnes
[Ballot comment]
The HOBA-TBS construction seems really unnecessarily complicated.  Other than in the "origin" component, there are no ":" characters allowed in any of the ...
2015-01-07
09 Richard Barnes [Ballot Position Update] New position, Discuss, has been recorded for Richard Barnes
2015-01-07
09 Alissa Cooper
[Ballot comment]
Good stuff! Couple of comments.

= Logging out =

The intro says

"Logout features can be useful for UAs, so HOBA defines a way to ...
2015-01-07
09 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2015-01-07
09 Kathleen Moriarty Ballot writeup was changed
2015-01-07
09 Pete Resnick
[Ballot comment]
Yay HOBA! Very good that we are finally doing this thing. Totally nitty things here. Barry covered anything substantive that I found:

- Use ...
2015-01-07
09 Pete Resnick [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick
2015-01-07
09 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko
2015-01-07
09 Martin Stiemerling [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling
2015-01-06
09 BenoƮt Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2015-01-05
09 Barry Leiba
[Ballot discuss]
One small point left:

-- Section 8.2 --

I don't think you need to say "a la LinkedIn," and I think it's ...
2015-01-05
09 Barry Leiba
[Ballot comment]
This document would benefit from some section somewhere giving a set of clear, numbered steps, saying who sends, who receives, and who does ...
2015-01-05
09 Barry Leiba Ballot comment and discuss text updated for Barry Leiba
2015-01-05
09 Barry Leiba
[Ballot discuss]
Two small points to discuss:

-- Section 6.3 --

  The server SHOULD also revoke or delete any cookies associated with
  the session ...
2015-01-05
09 Barry Leiba
[Ballot comment]
This document would benefit from some section somewhere giving a set of clear, numbered steps, saying who sends, who receives, and who does ...
2015-01-05
09 Barry Leiba Ballot comment and discuss text updated for Barry Leiba
2015-01-05
09 Barry Leiba
[Ballot discuss]
Point 1:
I find the document to be really unclear about who does what with which and to whom and....  I gather ...
2015-01-05
09 Barry Leiba
[Ballot comment]
Minor editorial nit: you use "a HOBA" fairly consistently, but "an HOBA" appears twice.  Oughta fix.

The abstract appears to overstate the ...
2015-01-05
09 Barry Leiba [Ballot Position Update] Position for Barry Leiba has been changed to Discuss from No Record
2015-01-05
09 Barry Leiba
[Ballot comment]
Minor editorial nit: you use "a HOBA" fairly consistently, but "an HOBA" appears twice.  Oughta fix.

The abstract appears to overstate the ...
2015-01-05
09 Barry Leiba Ballot comment text updated for Barry Leiba
2015-01-02
09 Spencer Dawkins [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins
2015-01-02
09 Tero Kivinen Request for Last Call review by SECDIR Completed: Has Issues. Reviewer: Donald Eastlake.
2015-01-02
09 Adrian Farrel [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel
2014-12-31
09 (System) IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2014-12-31
09 Stephen Farrell [Ballot Position Update] New position, Recuse, has been recorded for Stephen Farrell
2014-12-30
09 Kathleen Moriarty Ballot has been issued
2014-12-30
09 Kathleen Moriarty [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty
2014-12-30
09 Kathleen Moriarty Created "Approve" ballot
2014-12-30
09 Stephen Farrell New version available: draft-ietf-httpauth-hoba-09.txt
2014-12-30
08 David Black Request for Telechat review by GENART Completed: Ready with Nits. Reviewer: David Black.
2014-12-29
08 Jean Mahoney Request for Telechat review by GENART is assigned to David Black
2014-12-29
08 Jean Mahoney Request for Telechat review by GENART is assigned to David Black
2014-12-26
08 Stephen Farrell IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2014-12-26
08 Stephen Farrell New version available: draft-ietf-httpauth-hoba-08.txt
2014-12-26
07 Amanda Baber IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK
2014-12-24
07 Kathleen Moriarty Placed on agenda for telechat - 2015-01-08
2014-12-24
07 (System) IESG state changed to Waiting for AD Go-Ahead from In Last Call
2014-12-22
07 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2014-12-22
07 Amanda Baber
IESG/Authors/WG Chairs:

IANA has reviewed draft-ietf-httpauth-hoba.  Authors should review the comments and/or questions below.  Please report any inaccuracies and respond ...
2014-12-17
07 Gunter Van de Velde Request for Last Call review by OPSDIR Completed: Ready. Reviewer: David Black.
2014-12-16
07 Gunter Van de Velde Closed request for Last Call review by OPSDIR with state 'Withdrawn'
2014-12-16
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to David Black
2014-12-16
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to David Black
2014-12-16
07 David Black Request for Last Call review by GENART Completed: On the Right Track. Reviewer: David Black.
2014-12-15
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Scott Bradner
2014-12-15
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Scott Bradner
2014-12-11
07 Jean Mahoney Request for Last Call review by GENART is assigned to David Black
2014-12-11
07 Jean Mahoney Request for Last Call review by GENART is assigned to David Black
2014-12-11
07 Tero Kivinen Request for Last Call review by SECDIR is assigned to Donald Eastlake
2014-12-11
07 Tero Kivinen Request for Last Call review by SECDIR is assigned to Donald Eastlake
2014-12-10
07 Amy Vezza IANA Review state changed to IANA - Review Needed
2014-12-10
07 Amy Vezza
The following Last Call announcement was sent out:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
CC: <http-auth@ietf.org>
Reply-To: ietf ...
2014-12-10
07 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2014-12-10
07 Kathleen Moriarty Last call was requested
2014-12-10
07 Kathleen Moriarty Ballot approval text was generated
2014-12-10
07 Kathleen Moriarty IESG state changed to Last Call Requested from Publication Requested
2014-12-10
07 Kathleen Moriarty Ballot writeup was changed
2014-12-10
07 Kathleen Moriarty Ballot writeup was generated
2014-12-10
07 Kathleen Moriarty Last call announcement was generated
2014-12-10
07 Yoav Nir
Authors are Stephen Farrell, Paul Hoffman, and Michael Thomas. Kathleen
Moriarty is the responsible Area Directory. Yoav Nir is the document
shepherd.

Summary
  HTTP ...
2014-12-10
07 Yoav Nir IETF WG state changed to Submitted to IESG for Publication from WG Document
2014-12-10
07 Yoav Nir IESG state changed to Publication Requested
2014-12-10
07 Yoav Nir IESG process started in state Publication Requested
2014-12-10
07 Yoav Nir Changed document writeup
2014-12-10
07 Yoav Nir
Notification list changed to draft-ietf-httpauth-hoba.all@tools.ietf.org, http-auth@ietf.org, httpauth-chairs@tools.ietf.org, "Yoav Nir" <ynir.ietf@gmail.com> from draft-ietf-httpauth-hoba.all ...
2014-12-10
07 Yoav Nir Document shepherd changed to Yoav Nir
2014-12-09
07 Stephen Farrell New version available: draft-ietf-httpauth-hoba-07.txt
2014-12-05
06 Kathleen Moriarty Intended Status changed to Experimental from None
2014-12-05
06 Kathleen Moriarty Notification list changed to draft-ietf-httpauth-hoba.all@tools.ietf.org, http-auth@ietf.org, httpauth-chairs@tools.ietf.org
2014-12-05
05 Kathleen Moriarty Shepherding AD changed to Kathleen Moriarty
2014-12-05
06 Stephen Farrell New version available: draft-ietf-httpauth-hoba-06.txt
2014-10-07
05 Stephen Farrell New version available: draft-ietf-httpauth-hoba-05.txt
2014-08-14
04 Stephen Farrell New version available: draft-ietf-httpauth-hoba-04.txt
2014-04-18
03 Paul Hoffman New version available: draft-ietf-httpauth-hoba-03.txt
2013-10-18
02 Paul Hoffman New version available: draft-ietf-httpauth-hoba-02.txt
2013-07-15
01 Stephen Farrell New version available: draft-ietf-httpauth-hoba-01.txt
2013-05-14
00 Stephen Farrell New version available: draft-ietf-httpauth-hoba-00.txt