Hi, Does Sling already have a generic mechanism that would support generating something like an AWS policy signature [1] ?
Obviously, an AWS policy signature is an implementation detail that I would expect would be hidden behind a SPI. The flow I am thinking of is: 1. http client requests authorization to perform an operation on a remote service. 2. Sling responds with some data that represents authorization the remote service understands. 3. http client uses the authorisation to perform the operation. 4. remote service validates the authorisation. I am thinking Sling would respond to step 1 with a servlet bound to a node with a resource type, that node containing some configuration. I know this sounds like an OAuth flow, and OAuth would be 1 implementation, but there are others that dont use OAuth, like AWS[1]. Does Sling have this already or is it something that I would need to explore in a whiteboard subtree ? Best Regards Ian 1 http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html
