HTTP Authentication with EAP

Document Type Expired Internet-Draft (individual)
Authors Jari Arkko  , Vesa Torvinen  , Aki Niemi 
Last updated 2001-11-21
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes a HTTP authentication scheme using PPP Extensible Authentication Protocol (EAP). HTTP EAP authentication enables HTTP connections to be authenticated using any of the authentication schemes supported through EAP. EAP performs the authentication without sending the password in the clear text format (which is the biggest weakness of the Basic HTTP authentication scheme, for example). EAP is useful for HTTP protocol because it opens up several new authentication schemes without additional specification work. The same benefits can be reached by any other protocols, which apply HTTP authentication, such as Session Initiation Protocol (SIP).


Jari Arkko (
Vesa Torvinen (
Aki Niemi (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)