Re: HTTP Signatures Updates from Henry Story on 2021-04-27 (ietf-http-wg@w3.org from April to June 2021)

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 27 Apr 2021 21:43:45 +0200
To: Justin Richer <jricher@mit.edu>
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-Id: <FBE5237C-D3A5-4467-B512-E352880063DE@bblfish.net>

> On 27. Apr 2021, at 18:55, Justin Richer <jricher@mit.edu> wrote:
> 
> [...]
> So while we don’t think it’s ready for WGLC yet, we would like to get more eyes on the text and help keep pushing it forward. Please review the draft, help file issues (and/or PRs), and try to build the blasted thing. I’ve implemented the current draft myself on a couple platforms, and I’ve been seeing other implementers tracking it as well. It’s encouraging to see running code on this at this stage.

As Justin knows from the recent issues I submitted [1], I have been busy over the
past weeks writing an implementation of Signing HTTP Messages in Scala 3 :-).

This required me to implement RFC8941 from scratch and I am nearly done with signing
messages. Both have a good set of tests to go with them.

The code is in the repo here together with a web server I am writing and which I will be
testing it with
  https://github.com/co-operating-systems/Reactive-SoLiD

The code could easily be extracted into self contained libraries both for RFC8941 and
for Signing Messages, enabling it to work with multiple web frameworks, both in the Java and
JavaScript ecosystem,  since Scala compiles to both.

I have been able to do this due to a grant from the EU in a project called
Solid Control [2]. The project involves writing a web server as well as
authentication and authorization framework [3].

As I am getting paid my Milestones I had to make up before the project, and am a bit
late I am not going to have time to turn these into nice self contained libraries.
If anyone here would like to take that on, that would be great. As the milestones
are not strictly time limited, I could also be convinced to put some time into
doing that if there is a real need.

Henry

[1] It is worth checking these out, as there are a few important fixes on the way
    https://github.com/httpwg/http-extensions/issues/created_by/bblfish
[2] https://nlnet.nl/project/SolidControl/
[3] https://github.com/bblfish/authentication-panel/blob/HttpSig/proposals/HttpSignature.md

https://co-operating.systems
WhatsApp, Signal, Tel: +33 6 38 32 69 84‬
Twitter: @bblfish

Received on Tuesday, 27 April 2021 19:44:01 UTC