- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Mon, 8 Mar 2021 11:08:46 -0500
- To: Henry Story <henry.story@gmail.com>
- Cc: W3C Credentials CG <public-credentials@w3.org>
On 3/8/21 10:45 AM, Henry Story wrote: > I noticed in your slides a row for HTTP Signatures. Where is the work on > the authentication part of draft-cavage-* now going on? Hi Henry, good to hear from you! :) The work has been adopted by the IETF HTTP WG as an extension specification to HTTP and is now on the IETF standards track: https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/ Latest is here: https://tools.ietf.org/html/draft-ietf-httpbis-message-signatures-01 Issue tracker is here: https://github.com/httpwg/http-extensions/issues?q=is%3Aissue+is%3Aopen+label%3Asignatures > So for example I just noticed that the old spec had Signature > Authentication method in the header but I used ”HttpSig”. Where can I go to > work out what the right thing to do is? The links above should get you engaged with the right WG. I will note that there have been breaking changes since entering the HTTP WG, so don't assume that it works like it had for the past 8+ years. They're trying hard to align it with current best practices for HTTP (e.g., using structured header syntax). HTTP Signatures are used heavily for Authorization Capabilities (zcaps) and in the Encrypted Data Vault work. So yes, lots of overlap w/ Solid and Solid-like projects. -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. blog: Veres One Decentralized Identifier Blockchain Launches https://tinyurl.com/veres-one-launches
Received on Monday, 8 March 2021 16:09:03 UTC