Version 12 (modified by stephen.farrell@…, 10 years ago) (diff) |
---|
HTTP Authentication Proposals
This page tracks proposals for new HTTP authentication schemes.
To make a proposal, please submit an Internet-Draft whose name follows this convention:
draft-{your name}-httpbis-{proposal name}
Current Proposals
Classification
A proposal for classification and analysis of HTTPbis authentication proposals. HTML version.
REST-GSS
A proposal for authentication based on SASL/GSS at the application network layer (but at the HTTP API layer). HTML version.
draft-oiwa-httpbis-mutualauth: HTTP Mutual authentication
A secure HTTP authentication method providing user-server mutual authentication, strong secrecy on passwords, and others. Combined with auth-extension below to support Web application requirements (i.e. to replace Form authentication).
draft-oiwa-httpbis-auth-extension: HTTP authentication extensions for interactive clients
A simple but powerful generic framework extension to HTTP authentication, to enable use of HTTP authentication for recent Web applications.
draft-farrell-httpbis-hoba: HTTP Origin Bound Authentication (HOBA)
An even more simple, but not at all powerful mechanism based on OBC, to try end up with fewer passwords in the world.