W3C home > Mailing lists > Public > public-credentials@w3.org > March 2021

Re: HTTP-Signatures - was: Roadmap: Verifiable Trust Standards

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Mon, 8 Mar 2021 11:08:46 -0500
To: Henry Story <henry.story@gmail.com>
Cc: W3C Credentials CG <public-credentials@w3.org>
Message-ID: <b3931d8c-584b-b2d0-b27f-7a93e53a7eb1@digitalbazaar.com>
On 3/8/21 10:45 AM, Henry Story wrote:
> I noticed in your slides a row for HTTP Signatures. Where is the work on 
> the authentication part of draft-cavage-* now going on?

Hi Henry, good to hear from you! :)

The work has been adopted by the IETF HTTP WG as an extension specification to
HTTP and is now on the IETF standards track:

https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/

Latest is here:

https://tools.ietf.org/html/draft-ietf-httpbis-message-signatures-01

Issue tracker is here:

https://github.com/httpwg/http-extensions/issues?q=is%3Aissue+is%3Aopen+label%3Asignatures

> So for example I just noticed that the old spec had Signature 
> Authentication method in the header but I used ”HttpSig”. Where can I go to
> work out what the right thing to do is?

The links above should get you engaged with the right WG. I will note that
there have been breaking changes since entering the HTTP WG, so don't assume
that it works like it had for the past 8+ years. They're trying hard to align
it with current best practices for HTTP (e.g., using structured header syntax).

HTTP Signatures are used heavily for Authorization Capabilities (zcaps) and in
the Encrypted Data Vault work. So yes, lots of overlap w/ Solid and Solid-like
projects.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches
Received on Monday, 8 March 2021 16:09:03 UTC

This archive was generated by hypermail 2.4.0 : Monday, 8 March 2021 16:09:04 UTC