WTF!!!! There are already several standards
HTTP has well working ways to authenticate a user, so does TLS. In fact TLS client certificates could even be simpler and more than secure than anything else, if only browser vendors would make them usable.