- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sat, 04 May 2013 18:28:35 -0400
- To: Web Payments <public-webpayments@w3.org>
The HTTP Signatures spec is a digital signature mechanism for the HTTP protocol. It adds origin authentication, message integrity, and replay resistance to HTTP requests. This is useful for any application that currently depends on Basic, Digest, OAuth, or OAuth2 authentication when performing RESTful HTTP calls. Basically, if a client needs to prove to a server that it sent an HTTP-based message, it can digitally sign that message. This spec defines exactly how that happens. This spec will be used by the Web Payments / PaySwarm / Web Keys work. We're going to combine the public/private key-based signature mechanism defined in HTTP Signatures with the public key infrastructure system as defined in Web Keys to provide an easy way for nodes on the Internet to verify their identity to other nodes on the Internet. The first draft of this spec was just published via the Internet Engineering Task Force (IETF) earlier today: http://tools.ietf.org/html/draft-cavage-http-signatures-00 You can also find a datetime-stamped version of the spec here: https://payswarm.com/specs/ED/http-signatures/2013-05-04/ The latest version of the spec can be found on the PaySwarm specs page: https://payswarm.com/specs/ -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: Meritora - Web payments commercial launch http://blog.meritora.com/launch/
Received on Saturday, 4 May 2013 22:29:26 UTC