-
Commenting as identity enthusiast as opposed to WIMSE co-chair:
The HTTP Signature proposal requires the Workload Identity Token to be signed, but the Workload Proof Token does not include a mechan…
-
Background on how and why they work, and our usage and requirements.
Notes from #110:
> The way http signatures works, you have to define a specification for how to build an input document, and …
-
We currently use https://github.com/ahknight/httpsig, but it's been unmaintained since 2018. We're already on our own fork, https://github.com/snarfed/httpsig, to get https://github.com/ahknight/https…
-
Did you consider just using HTTP-Signatures:
https://web-payments.org/specs/source/http-signatures/
If you were aware of it I am interested to know why you felt it was insufficient?
-
As raised in this issue -- https://github.com/superseriousbusiness/gotosocial/issues/2857 -- `(created)` is [recommended by the HTTP signature spec draft](https://datatracker.ietf.org/doc/html/draft-c…
-
From Section 4, "So, what's the verdict?"
> We'd often like to authenticate objects and activities outside of inbox delivery requests, eg during [inbox forwarding](https://www.w3.org/TR/activitypub…
-
Need to implement keypair generation, wire into the `publicKey` field in actors, and actually do the signature stuff (probably with https://github.com/asonix/http-signatures).
-
https://github.com/brave-intl/bat-go/pull/1691#discussion_r1494028234
Test is [here](https://github.com/brave-intl/bat-go/blob/nitro-payments-dev/libs/httpsignature/httpsignature_test.go#L679)
-
in trying to setup the bot in our local cluster, i got the error below:
> [20240124-T15:36:40] WARNING: A crash occurred!
Traceback (most recent call last):
File "/apps/brussel/RL8/skylake-ib/s…
-
I personally prefer Ed25519 over RSA and would like to not have to rely on it.
Blocked by https://github.com/mastodon/mastodon/issues/21429