Document Name: RFC 7486
Document URI: urn:ietf:rfc:7486
Online Version:
Organization: Internet Engineering Task Force (IETF)
Series: Request for Comments (RFC)
Abstract: HTTP Origin-Bound Authentication (HOBA) is a digital-signature-based design for an HTTP authentication method. The design can also be used in JavaScript-based authentication embedded in HTML. HOBA is an alternative to HTTP authentication schemes that require passwords and therefore avoids all problems related to passwords, such as leakage of server-side password databases.

Specified Web Concepts:

HTTP Authentication Schemes


HTTP Header Fields


Well-Known URIs


Return to ( Series | Organization | all Specifications )