Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-7753

Support draft-cavage-http-signatures-09 OOTB

    XMLWordPrintableJSON

    Details

    • Estimated Complexity:
      Moderate

      Description

      It would be nice to support http signing signatures:
      https://tools.ietf.org/html/draft-cavage-http-signatures-09

      It will probably increase in popularity as it's part of PSD2 security:
      https://www.stet.eu/assets/files/PSD2/API-DSP2-STET_V1.2.3_final.pdf

      I've found a library which could be used: https://github.com/mbarbero/http-messages-signing
      either making the integration in that library, or providing a cxf component using parts of it for the signing part.

      By doing this validation of incoming requests, as well as signing of outgoing reqs could be handled transparently by either an interceptor, or maybe more vanilla, a JAX-RS filter.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              davidkarlsen David J. M. Karlsen
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: