Add Support for Signature Validation via HTTP Header #25
Labels
enhancement
New feature or request
Comments
tsconn23
changed the title
husseinfakharany
added a commit
to husseinfakharany/alvarium-sdk-go
that referenced
this issue
Feb 7, 2022
* Implement HTTP PKI annotator * Implement HTTP request parser * Implement related unit tests * Made VerifySignature and DeriveHash public and updated their uses Fix project-alvarium#25 Signed-off-by: husseinfakharany <fakharany.hussein@gmail.com>
husseinfakharany
added a commit
to husseinfakharany/alvarium-sdk-go
that referenced
this issue
Feb 9, 2022
* Implement HTTP PKI annotator * Implement HTTP request parser * Implement related unit tests * Made VerifySignature and DeriveHash public and updated their uses Fix project-alvarium#25 Signed-off-by: husseinfakharany <fakharany.hussein@gmail.com>
husseinfakharany
added a commit
to husseinfakharany/alvarium-sdk-go
that referenced
this issue
Feb 10, 2022
* Implement HTTP PKI annotator * Implement HTTP request parser * Implement related unit tests * Made VerifySignature and DeriveHash public and updated their uses Fix project-alvarium#25 Signed-off-by: husseinfakharany <fakharany.hussein@gmail.com>
husseinfakharany
added a commit
to husseinfakharany/alvarium-sdk-go
that referenced
this issue
Feb 13, 2022
* Implement HTTP PKI annotator * Implement HTTP request parser * Implement related unit tests * Made VerifySignature and DeriveHash public and updated their uses Fix project-alvarium#25 Signed-off-by: husseinfakharany <fakharany.hussein@gmail.com>
husseinfakharany
added a commit
to husseinfakharany/alvarium-sdk-go
that referenced
this issue
Feb 16, 2022
* Implement HTTP PKI annotator * Implement HTTP request parser * Implement related unit tests * Made VerifySignature and DeriveHash public and updated their uses Fix project-alvarium#25 Signed-off-by: husseinfakharany <fakharany.hussein@gmail.com>
husseinfakharany
added a commit
to husseinfakharany/alvarium-sdk-go
that referenced
this issue
Feb 17, 2022
* Implement HTTP PKI annotator * Implement HTTP request parser * Implement related unit tests * Made VerifySignature and DeriveHash public and updated their uses Fix project-alvarium#25 Signed-off-by: husseinfakharany <fakharany.hussein@gmail.com>
tsconn23
pushed a commit
that referenced
this issue
Feb 18, 2022
* Implement HTTP PKI annotator * Implement HTTP request parser * Implement related unit tests * Made VerifySignature and DeriveHash public and updated their uses Fix #25 Signed-off-by: husseinfakharany <fakharany.hussein@gmail.com>
This was referenced Mar 15, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For context, see comment here:
alvarium-sdk-go/internal/annotators/pki.go
Line 67 in 884bf5e
Essentially, our current PKI annotator has some constraints in that incoming data must support unmarshaling via JSON to a type that has a
Signatureproperty. This eliminates our ability to annotate data that is not in JSON format or otherwise does not provide the necessary property. We need to leverage a means independent of the data payload for this capability and so I propose looking for some way to leverage the means of transport.The following IETF draft proposes using HTTP headers to support signature validation.
https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html
Assuming the relevant
SignatureandSignature-Inputheaders are present, in an HTTP context the Request can be passed into the annotator which would obtain the values and run the verification. Using headers would also possibly provide insight toward a relevant abstraction for a similar means of verification in pub-sub scenarios where message headers are available.The text was updated successfully, but these errors were encountered: