David J. M. Karlsen created CXF-7753: ----------------------------------------
Summary: Support draft-cavage-http-signatures-09 OOTB Key: CXF-7753 URL: https://issues.apache.org/jira/browse/CXF-7753 Project: CXF Issue Type: Improvement Components: JAX-RS Security Reporter: David J. M. Karlsen It would be nice to support http signing signatures: https://tools.ietf.org/html/draft-cavage-http-signatures-09 It will probably increase in popularity as it's part of PSD2 security: https://www.stet.eu/assets/files/PSD2/API-DSP2-STET_V1.2.3_final.pdf I've found a library which could be used: https://github.com/mbarbero/http-messages-signing either making the integration in that library, or providing a cxf component using parts of it for the signing part. By doing this validation of incoming requests, as well as signing of outgoing reqs could be handled transparently by either an interceptor, or maybe more vanilla, a JAX-RS filter. -- This message was sent by Atlassian JIRA (v7.6.3#76005)