# HTTP signatures ###### tags: `httpsig` `gnap` ## :memo: Inputs [Intro video](https://identiverse.gallery.video/detail/videos/standards/video/6184748408001/beyond-bearer-tokens-with-http-message-signatures?autoStart=true) [Spec HTTP message signature](https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-01.html) [Github](https://github.com/httpwg/http-extensions#signing-http-messages) [Github issues](https://github.com/httpwg/http-extensions/issues?q=is%3Aopen+is%3Aissue+label%3Asignatures) [Interim](https://httpwg.org/wg-materials/interim-20-10/minutes.html) - some criticisms to check, slides missing https://www.rfc-editor.org/rfc/rfc8941.html https://github.com/httpwg/http-extensions/pull/1411 https://github.com/httpwg/http-extensions/pull/1438 https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-03.html https://github.com/bspk/oauth.xyz-java/blob/master/lib/src/main/java/io/bspk/oauth/xyz/crypto/SignatureVerifier.java https://github.com/bspk/oauth.xyz-java/blob/master/rc/src/main/java/io/bspk/oauth/xyz/http/SigningRestTemplateService.java (signer side) ## Next steps - what are the next steps for this spec? There are some open issues (32), not sure what the plan is - how confident are we that it will be finalized? (important) - mostly usable as is already for the purpose of GNAP, but: will people implement it? ## Go ### sfv - https://go-review.googlesource.com/c/go/+/250837 - structured headers https://github.com/golang/go/issues/41046 The main difference is that SFV's maps (Dictionary and Params) are ordered while Go's map isn't https://github.com/hyperium/http/issues/475 through extensions https://github.com/algesten/hreq/blob/b0e6f6c9ac6e806f85b686a21ca7556e247caa51/src/head_ext.rs https://github.com/algesten/hreq/blob/b0e6f6c9ac6e806f85b686a21ca7556e247caa51/src/client/req_ext.rs JWS ring est utilisé par ex dans biscuit https://npmccallum.gitlab.io/post/do-not-use-ring-or-rustls/ mais pas vraiment d'alternative https://github.com/libp2p/rust-libp2p/discussions/1975 https://www.reddit.com/r/rust/comments/lcsg0u/ownership_and_maintenance_struggles_in/ https://github.com/hyperium/headers/ https://docs.rs/headers/0.3.4/headers/#traits https://github.com/SergioBenitez/Rocket/issues/1498 https://github.com/hwchen/tophat/blob/main/NOTES.md https://github.com/http-rs/async-h1/issues/95
Last changed by  
fimbault
223

Read more

Digital garden @fimbault

Posts in English Blog posts Previously hosted on medium, I'm now on my own blog. That's where you'll find longer opinion pieces. EN 2022 I aim to use way less my social accounts these days, focusing on deep work. GNAP security model EN 2021 We just published the final report of our mediam project (funded by NGI_TRUST), related to cybersecurity in healthcare

1/25/2022
subject identifier discussion

This note is for discussion only (as a starting point, to be discussed in IETF110) :memo: Backlog for subject identifier List of related issues Approx 10% of currently open issues. [ ] 198 definition of a Subject in section 1.3 [ ] 197 requesting User Information [ ] 178 sub_ids and different contexts [ ] 171 subject identifiers as portable identifiers

3/8/2021
Read more from fimbault
Published on HackMD