[jira] [Created] (CXF-7753) Support draft-cavage-http-signatures-09 OOTB

David J. M. Karlsen (JIRA) Tue, 05 Jun 2018 03:03:54 -0700

David J. M. Karlsen created CXF-7753:
----------------------------------------


             Summary: Support draft-cavage-http-signatures-09 OOTB
                 Key: CXF-7753
                 URL: https://issues.apache.org/jira/browse/CXF-7753
             Project: CXF
          Issue Type: Improvement
          Components: JAX-RS Security
            Reporter: David J. M. Karlsen


It would be nice to support http signing signatures:
https://tools.ietf.org/html/draft-cavage-http-signatures-09

It will probably increase in popularity as it's part of PSD2 security:
https://www.stet.eu/assets/files/PSD2/API-DSP2-STET_V1.2.3_final.pdf

I've found a library which could be used: 
https://github.com/mbarbero/http-messages-signing
either making the integration in that library, or providing a cxf component 
using parts of it for the signing part.

By doing this validation of incoming requests, as well as signing of outgoing 
reqs could be handled transparently by either an interceptor, or maybe more 
vanilla, a JAX-RS filter.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (CXF-7753) Support draft-cavage-http-signatures-09 OOTB

Reply via email to