Encryption beyond ws-security: JWE, encrypted content-coding, CMS or else

Hi @all,

I'm trying to find a suitable way to replace ws-* for encrypting
payload bodies with some other specification more suitable to a REST
It seems that the enterprise industry is still fond of JWE - but  I'd
avoid it if I can, considering that a good library like google/tink is
not going to implement it
moreover the specs

Leveraging the content-coding feature of HTTP, there's rfc8188 which
seems interesting: still I don't know how many implementers are in the
wild. Don't know if that mechanism can be extended to PKI encryption.
Another solution could be CMS / S-mime.

What do you think/use/suggest?

Thanks and regards,

Received on Tuesday, 29 September 2020 15:58:16 UTC