[Openid-specs-fapi] Alive and kicking: draft-cavage-http-signatures
anders.rundgren.net at gmail.com
Wed Mar 13 15:40:49 UTC 2019
After posting https://cyberphone.github.io/ietf-signed-http-requests/hotrfc-shreq.pdf in the https://open-banking-global.slack.com forum it became clear that quite a bunch of API builders in the financial sector (including Starling) indeed have settled on https://tools.ietf.org/html/draft-cavage-http-signatures-10.
Under those circumstances it seems a bit premature suggesting that other entities should not use it. That a draft has expired doesn't make it worthless.
What's surprising is that I found no traces of any discussions within the IETF regarding this draft (which IMO doesn't look that bad).
Note: I'm not advocating for adoption of http-signatures, but for a more open discussion about the alternatives.
More information about the Openid-specs-fapi