[jira] [Updated] (CXF-7753) Support draft-cavage-http-signatures-09 OOTB

Dennis Kieselhorst (JIRA) Tue, 15 Jan 2019 23:43:00 -0800


     [ 
https://issues.apache.org/jira/browse/CXF-7753?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Dennis Kieselhorst updated CXF-7753:
------------------------------------
    Fix Version/s: 3.3.0

> Support draft-cavage-http-signatures-09 OOTB
> --------------------------------------------
>
>                 Key: CXF-7753
>                 URL: https://issues.apache.org/jira/browse/CXF-7753
>             Project: CXF
>          Issue Type: New Feature
>          Components: JAX-RS Security
>            Reporter: David J. M. Karlsen
>            Priority: Major
>              Labels: security, signature
>             Fix For: 3.3.0
>
>
> It would be nice to support http signing signatures:
> https://tools.ietf.org/html/draft-cavage-http-signatures-09
> It will probably increase in popularity as it's part of PSD2 security:
> https://www.stet.eu/assets/files/PSD2/API-DSP2-STET_V1.2.3_final.pdf
> I've found a library which could be used: 
> https://github.com/mbarbero/http-messages-signing
> either making the integration in that library, or providing a cxf component 
> using parts of it for the signing part.
> By doing this validation of incoming requests, as well as signing of outgoing 
> reqs could be handled transparently by either an interceptor, or maybe more 
> vanilla, a JAX-RS filter.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (CXF-7753) Support draft-cavage-http-signatures-09 OOTB

Reply via email to