openfaas / nats-queue-worker

Queue-worker for OpenFaaS with NATS Streaming
https://docs.openfaas.com/reference/async/
MIT License

Allow message to be verified #48

Open alexellis opened 5 years ago

alexellis commented 5 years ago

Feature: Non-repudiation for queue-worker callbacks

Suggested by: Ed Wilde @ewilde

We can use HMAC or RSA and HMAC together to sign messages when we use the X-Callback-Url. This means that receivers of the callback messages can verify the sender as the queue worker vs. some bad actor that discovered the URL.
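The HMAC option proposed above, as an added example that is not part of the original issue or the nats-queue-worker code base: the sender signs the callback body together with a timestamp, and the receiver checks both before trusting the body. The function names, the `sha256=` value prefix, the `"<unix-ts>\n<body>"` signing string and the five-minute window are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

const maxSkew = 5 * time.Minute // assumed replay window
// mac computes HMAC-SHA256 over "<unix-ts>\n<body>", binding the timestamp to the body.
func mac(secret, body []byte, ts int64) []byte {
	h := hmac.New(sha256.New, secret)
	fmt.Fprintf(h, "%d\n", ts)
	h.Write(body)
	return h.Sum(nil)
}

// SignCallback returns the timestamp and signature header values the sender attaches.
func SignCallback(secret, body []byte, now time.Time) (string, string) {
	ts := now.Unix()
	return strconv.FormatInt(ts, 10), "sha256=" + hex.EncodeToString(mac(secret, body, ts))
}

// VerifyCallback is run by the receiver before it trusts the callback body.
func VerifyCallback(secret, body []byte, tsHdr, sigHdr string, now time.Time) error {
	ts, err := strconv.ParseInt(tsHdr, 10, 64)
	if d := now.Sub(time.Unix(ts, 0)); err != nil || d > maxSkew || d < -maxSkew {
		return errors.New("timestamp malformed or outside allowed window")
	}
	got, err := hex.DecodeString(strings.TrimPrefix(sigHdr, "sha256="))
	if err != nil || !strings.HasPrefix(sigHdr, "sha256=") {
		return errors.New("malformed signature header")
	}
	if !hmac.Equal(got, mac(secret, body, ts)) { // constant-time comparison
		return errors.New("signature mismatch")
	}
	return nil
}

func main() {
	secret, body := []byte("constructed-shared-secret"), []byte(`{"status":"done"}`) // constructed
	ts, sig := SignCallback(secret, body, time.Unix(1700000000, 0))
	fmt.Println(ts, sig, VerifyCallback(secret, body, ts, sig, time.Unix(1700000060, 0)))
}
```

With a shared secret the receiver can produce valid signatures too, so this authenticates the sender to the receiver; an asymmetric signature such as the RSA option is what lets a third party attribute the message to the sender.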

alexellis commented 5 years ago

Via @ewilde https://tools.ietf.org/html/draft-cavage-http-signatures-05

ewilde commented 5 years ago

I've created a conceptual diagram for the http signatures flow: diagram

ewilde commented 5 years ago

Derek assign: ewilde