It would be nice to support http signing signatures:
It will probably increase in popularity as it's part of PSD2 security:
I've found a library which could be used: https://github.com/mbarbero/http-messages-signing
either making the integration in that library, or providing a cxf component using parts of it for the signing part.
By doing this validation of incoming requests, as well as signing of outgoing reqs could be handled transparently by either an interceptor, or maybe more vanilla, a JAX-RS filter.