As a prerequisite to #2, implement HTTP Signatures using this existing code for the Django REST framework, after reviewing it. The code currently only supports signing with a shared key, but the underlying httpsig library can handle RSA key pairs. Step one is a shared secret for signing; step two is key pairs.
At the beginning we can store long-lived key pairs and then develop the mechanism to update and expire keys.
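A sketch of what step one (shared-secret signing) involves, added here as an example and not taken from the referenced Django REST framework code or from httpsig. It assumes the draft-cavage HTTP Signatures header format with `hmac-sha256`; the `SECRETS` store, the key id and the function names are hypothetical.

```python
import base64, hashlib, hmac, re

# Constructed shared-secret store: keyId -> secret (hypothetical values).
SECRETS = {"client-1": b"constructed-demo-secret"}

def signing_string(method, path, headers, names):
    """Build the signing string from the listed (lowercase) header names."""
    lines = []
    for name in names:
        if name == "(request-target)":
            lines.append(f"(request-target): {method.lower()} {path}")
        else:
            lines.append(f"{name}: {headers[name]}")
    return "\n".join(lines).encode()

def sign(key_id, method, path, headers, names):
    """Return a Signature header value computed with HMAC-SHA256."""
    mac = hmac.new(SECRETS[key_id],
                   signing_string(method, path, headers, names), hashlib.sha256)
    sig = base64.b64encode(mac.digest()).decode()
    return (f'keyId="{key_id}",algorithm="hmac-sha256",'
            f'headers="{" ".join(names)}",signature="{sig}"')

def verify(method, path, headers, required=("(request-target)", "date")):
    """Check the Signature header; `headers` uses lowercase names."""
    params = dict(re.findall(r'(\w+)="([^"]*)"', headers.get("signature", "")))
    secret = SECRETS.get(params.get("keyId", ""))
    if secret is None or params.get("algorithm") != "hmac-sha256":
        return False  # unknown key, or algorithm is not the one we pin
    names = params.get("headers", "").split()
    if not set(required) <= set(names):
        return False  # sender signed fewer headers than the server requires
    try:
        expected = hmac.new(secret, signing_string(method, path, headers, names),
                            hashlib.sha256).digest()
        given = base64.b64decode(params.get("signature", ""), validate=True)
    except (KeyError, ValueError):
        return False  # a signed header is absent, or the base64 is malformed
    return hmac.compare_digest(expected, given)  # constant-time comparison
```

The verifier pins the algorithm and the minimum signed header set on the server side rather than trusting what the request declares; checking the freshness of `date` is left out of this sketch.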