Roberto Polli
@cyberphone I made some investigations on header-based signatures here: https://forum.italia.it/t/non-repudiation-and-rsa-considered-legacy/5152 There are a couple of issues, e.g. whether the signature is part of the application logic or not. In the...
@cyberphone both draft-cavage and signed-exchanges serialize endpoint information (though in different ways - signed-exchanges takes into account a lot of security improvements implemented in TLS 1.3). Embedding data in payload is...
@darrelmiller your idea of an application/jose content-encoding seems very reasonable. https://github.com/OAI/OpenAPI-Specification/issues/1464#issuecomment-365615501 Do you know of any attempt to register it with the IANA?
> one might expect to be able to account for the entire functional surface of a web service using OpenAPI. @cjaccino Does the same apply to the CONNECT method?...
@cjaccino imho: - on regular methods POST, PUT, PATCH, GET, HEAD the resource MUST still start with `/` to avoid confusion - exceptions on other methods like OPTIONS could help when using OAS spec...
Let me know how we could start a cooperation on that, @jmcanterafonseca.