Is there a RESTful standard for digital signatures (NOT authentication/authorization)?
3
5
I’m pretty sure I saw @manusporny post something about this a while ago, perhaps related to Web ID. Sorry, my memory is crap.
1
This might be what I read about: github.com/digitalbazaar/jso… @manusporny @stilkov
1
There’s also this: tools.ietf.org/html/rfc7515 @manusporny @stilkov
1
1
Thanks, but REST doesn't have to imply JSON... (To the contrary, it implies conneg: blog.ploeh.dk/2015/06/22/res…)
2
JWS is a header based signature. It can secure any payload. The only JSON is the header format
1
2
I didn't get that. Thank you for pointing that out. I'll be taking a second look :)
1
1
Still don’t see anything particularly RESTful or HTTP-related in JWS. Orthogonal concepts.
2
I agree that JWS has little to do with REST but it doesn't violate any constraints. @ploeh @asbjornu @manusporny
2
1
Replying to @darrel_miller @ploeh @asbjornu @manusporny
Agreed.

Nov 11, 2016 · 6:59 PM UTC

3
Replying to @stilkov @darrel_miller @ploeh @asbjornu
We did some work on Signing HTTP Messages (full conneg): tools.ietf.org/html/draft-ca…
Replying to @stilkov @darrel_miller @ploeh @asbjornu
There is also Linked Data Signatures (JSON agnostic, supports conneg): w3c-dvcg.github.io/ld-signat…
Replying to @stilkov @darrel_miller @ploeh @asbjornu
... and work we're doing in the W3C Digital Verification Community Group: github.com/WebOfTrustInfo/re…
1