Version 12 (modified by stephen.farrell@…, 10 years ago) (diff)


HTTP Authentication Proposals

This page tracks proposals for new HTTP authentication schemes.

To make a proposal, please submit an Internet-Draft whose name follows this convention:

draft-{your name}-httpbis-{proposal name}

Current Proposals


A proposal for classification and analysis of HTTPbis authentication proposals. HTML version.


A proposal for authentication based on SASL/GSS at the application network layer (but at the HTTP API layer). HTML version.

draft-oiwa-httpbis-mutualauth: HTTP Mutual authentication

A secure HTTP authentication method providing user-server mutual authentication, strong secrecy on passwords, and others. Combined with auth-extension below to support Web application requirements (i.e. to replace Form authentication).

draft-oiwa-httpbis-auth-extension: HTTP authentication extensions for interactive clients

A simple but powerful generic framework extension to HTTP authentication, to enable use of HTTP authentication for recent Web applications.

draft-farrell-httpbis-hoba: HTTP Origin Bound Authentication (HOBA)

An even more simple, but not at all powerful mechanism based on OBC, to try end up with fewer passwords in the world.