[CXF-7753] Support draft-cavage-http-signatures-09 OOTB - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.3.0
Component/s: JAX-RS Security
Labels:
- security
- signature

Estimated Complexity:
Moderate

Description

It would be nice to support http signing signatures:
https://tools.ietf.org/html/draft-cavage-http-signatures-09

It will probably increase in popularity as it's part of PSD2 security:
https://www.stet.eu/assets/files/PSD2/API-DSP2-STET_V1.2.3_final.pdf

I've found a library which could be used: https://github.com/mbarbero/http-messages-signing
either making the integration in that library, or providing a cxf component using parts of it for the signing part.

By doing this validation of incoming requests, as well as signing of outgoing reqs could be handled transparently by either an interceptor, or maybe more vanilla, a JAX-RS filter.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: David J. M. Karlsen

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 05/Jun/18 10:02

Updated:: 25/Mar/19 12:28

Resolved:: 16/Jan/19 22:13