Re: Cavage HTTP Keypair Authorization Implementation from Manu Sporny on 2021-01-26 (public-credentials@w3.org from January 2021)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Tue, 26 Jan 2021 15:01:59 -0500
To: Antony Gaitatzis <backupbrain@gmail.com>
Cc: W3C Credentials CG <public-credentials@w3.org>, Mark Cavage <mcavage@gmail.com>
Message-ID: <e6a322c5-1746-512b-c7da-dd7b19278bdd@digitalbazaar.com>

On 1/26/21 11:36 AM, Antony Gaitatzis wrote:
> I want to say that your work on the IETF
> draft-cavage-http-signatures standard has been inspirational to me.

Great, glad that you like the specification, Antony. :)

> I've implemented it in several websites and REST-based products, and 
> recently released open source implementations in NodeJS, Browser JS
> on npm
> <https://www.npmjs.com/package/client-http-keypair-authorization>, 
> and Python for Django Rest Framework on PyPi 
> <https://pypi.org/project/drf-keypair-permissions/>, for anyone who 
> wishes to implement this standard in their own project.  I thought
> you might enjoy knowing how your work has touched another person and
> to see live implementations in the world.

Wonderful! Thank you for all that hard work! It's really great to hear
from you and see your work. :)

Can you please add those implementation links to the issue here (with
your Github handle). It helps us track who has implemented the
specification:

https://github.com/w3c-ccg/http-signatures/issues/1

I'll also note that the specification has been taken up by the HTTP WG
here... so there are newer versions if you're not aware. The latest
specification can be found here:

https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html

https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/

> For this reason, I recommend that *C.1.* and *C.2.* do not include
> the "Date" or "Host" headers.  Instead I suggest that: ** C.1.
> Default Test* employ the `created` signature parameter * *C.2. Basic
> Test* employ the `created` and `request-target` signature parameter

You will want to raise this issue on the HTTP WG issue tracker to make
sure we're tracking it:

https://github.com/httpwg/http-extensions/issues

Again, great work and wonderful to hear from you! :)

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Tuesday, 26 January 2021 20:02:16 UTC