Shepherd writeup
rfc7486-10

Authors are Stephen Farrell, Paul Hoffman, and Michael Thomas. Kathleen 
Moriarty is the responsible Area Directory. Yoav Nir is the document 
shepherd.

Summary
   HTTP Origin-Bound Authentication (HOBA) is a digital signature based
   design for an HTTP authentication method.  The design can also be
   used in Javascript-based authentication embedded in HTML.  HOBA is an
   alternative to HTTP authentication schemes that require passwords and
   therefore avoids all problems related to passwords, such as leakage
   of server-side password databases.
   
Review and Consensus
   This document is one of the experimental documents submitted to the
   HTTP-Auth working group. The proposed authentication method has been
   reviewed by many participants, mostly in WGLC, resulting in a 
   longish list in the acknowledgements section and some substantial 
   changes.
   
   With version -07 it is the consensus of the HTTP-Auth working group 
   that this document is fit to be published as an experimental RFC.
   
   There are at least two implementations of the protocol in this 
   document ([1],[2]). They work and interoperate, but there is no 
   wide-spread deployment, which suggests that "experimental" is the 
   correct track for this document.
   
Intellectual Property
   All authors have confirmed that they are not aware of any undisclosed 
   IPR associated with this document. There have been no IPR disclosures.
   
Other Issues
   None
   
[1] https://hoba.ie
[2] https://github.com/razevedo/hoba-authentication
Back