Justin Richer

icon indicating a website link https://bspk.io/

icon company Bespoke Engineering icon location Independent consultant, specializing in security and identity standards.

Results 9 issues of Justin Richer

Add signature context

1 comment

Adds an optional `context` parameter to signatures, to allow applications to signal specific usage between the signer and verifier. Closes #2133 This PR does not add this to any examples...

signatures

How to handle cache in signatures

3 comment

What should the requirements for cache be in signatures? See some context: _Originally posted by @jricher in https://github.com/httpwg/http-extensions/pull/2105#discussion_r882977703_

signatures
discuss

Add unencoded payload option and move JWT type out of JWS

Security Framework

6 comment

*** Preview | Diff

Update link to Vittorio's blog to web archive version

Mislabled Diagram

1 comment

Figure 5-5 Federation Proxy

63C

Support for draft -05 and above

I'm one of the authors of the HTTP Message Signatures spec, and I was pointed to this implementation. I wanted to let you know that there have been several major...

HTTP Message Signatures

7 comment

I would like to propose that HTTP Message Signatures (RFC 9421, https://www.rfc-editor.org/rfc/rfc9421.html) be used instead of JOSE for the proof of possession mechanism for DBSC. I believe that HTTPSig provides...

Protocol Flow Diagram

1 comment

The protocol flow diagram in 1.2 is confusing to readers, and it's not uncommon for a reader to think "Resource Owner" is another computer alongside the Authorization Server and Resource...