[Openid-specs-fapi] Alive and kicking: draft-cavage-http-signatures

Anders Rundgren anders.rundgren.net at gmail.com
Wed Mar 13 15:40:49 UTC 2019

After posting https://cyberphone.github.io/ietf-signed-http-requests/hotrfc-shreq.pdf in the https://open-banking-global.slack.com forum it became clear that quite a bunch of API builders in the financial sector (including Starling) indeed have settled on https://tools.ietf.org/html/draft-cavage-http-signatures-10.

Under those circumstances it seems a bit premature suggesting that other entities should not use it.  That a draft has expired doesn't make it worthless.

What's surprising is that I found no traces of any discussions within the IETF regarding this draft (which IMO doesn't look that bad).

Note: I'm not advocating for adoption of http-signatures, but for a more open discussion about the alternatives.


More information about the Openid-specs-fapi mailing list