It looks like I’m not the only person who likes the idea of signed HTTP requests as an authentication method.
Joyent and Digital Bazaar have co-written an Internet draft for cryptographically signed HTTP requests:
Several web service providers have invented their own schemes for signing HTTP requests, but to date, none have been placed in the public domain as a standard. This document serves that purpose. There are no techniques in this proposal that are novel beyond previous art, however, this aims to be a simple mechanism for signing these requests.
Signed HTTP requests are also a key feature of something I’ve been working on. It’s great to see the idea pick up momentum.
Leave a Reply