Re: HTTP-Signatures - was: Roadmap: Verifiable Trust Standards

On 3/8/21 10:45 AM, Henry Story wrote:
> I noticed in your slides a row for HTTP Signatures. Where is the work on 
> the authentication part of draft-cavage-* now going on?

Hi Henry, good to hear from you! :)

The work has been adopted by the IETF HTTP WG as an extension specification to
HTTP and is now on the IETF standards track:

Latest is here:

Issue tracker is here:

> So for example I just noticed that the old spec had Signature 
> Authentication method in the header but I used ”HttpSig”. Where can I go to
> work out what the right thing to do is?

The links above should get you engaged with the right WG. I will note that
there have been breaking changes since entering the HTTP WG, so don't assume
that it works like it had for the past 8+ years. They're trying hard to align
it with current best practices for HTTP (e.g., using structured header syntax).

HTTP Signatures are used heavily for Authorization Capabilities (zcaps) and in
the Encrypted Data Vault work. So yes, lots of overlap w/ Solid and Solid-like

-- manu

Manu Sporny -
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches

Received on Monday, 8 March 2021 16:09:03 UTC