Skip to content
This repository has been archived by the owner on Nov 29, 2021. It is now read-only.

Signing HTTP Messages #355

Open
bblfish opened this issue Apr 30, 2021 · 0 comments
Open

Signing HTTP Messages #355

bblfish opened this issue Apr 30, 2021 · 0 comments

Comments

@bblfish
Copy link

bblfish commented Apr 30, 2021

I wrote an implementation of the new IETF spec Signing HTTP Messages for an Akka based Web Server Reactive Solid I am writing, in order to implement HttpSig authentication for Tim Berners-Lee's Solid project with the help of a donation for from the EU Next Generation Internet for project Solid Control. Currently I am relying on the Java Lib Nimbus ds to help me with JWT crypto.

I am not a crypto specialist, but am starting to see why a Typesafe Scala library would be useful:

  • There is a lot of statefulness in Java: signatures objects for example.
  • Most of the crypto algorithms are name based, and so as a non crypto specialist person (like me) can find it very difficult to understand, as there is no type guidance.
  • In our project we need to develop both JS and Java libraries, so a coherent interface that could allow one to do both with one code base would be great.

The implementation of Signing HTTP Messages I wrote could be turned into a standalone library that would work with other HTTP frameworks, both server side and clientside. I won't have time to do this right now, as I am late on my milestones, but am interested to see what the interest may be. "Signing HTTP Messages" should definitely prove to be a very good test bed of cryptography. So I am looking at tsec. But I am not sure what the roadmap of this project is.

My thought was that tsec could do the crypto side of this. But I am not sure what the plans for its evolution are.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant