[ https://issues.apache.org/jira/browse/CXF-7753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16520276#comment-16520276 ]
David J. M. Karlsen commented on CXF-7753: ------------------------------------------ We'll have a go at this and get back with a PR. > Support draft-cavage-http-signatures-09 OOTB > -------------------------------------------- > > Key: CXF-7753 > URL: https://issues.apache.org/jira/browse/CXF-7753 > Project: CXF > Issue Type: New Feature > Components: JAX-RS Security > Reporter: David J. M. Karlsen > Priority: Major > > It would be nice to support http signing signatures: > https://tools.ietf.org/html/draft-cavage-http-signatures-09 > It will probably increase in popularity as it's part of PSD2 security: > https://www.stet.eu/assets/files/PSD2/API-DSP2-STET_V1.2.3_final.pdf > I've found a library which could be used: > https://github.com/mbarbero/http-messages-signing > either making the integration in that library, or providing a cxf component > using parts of it for the signing part. > By doing this validation of incoming requests, as well as signing of outgoing > reqs could be handled transparently by either an interceptor, or maybe more > vanilla, a JAX-RS filter. -- This message was sent by Atlassian JIRA (v7.6.3#76005)