Signing HTTP Messages

[bblfish]

I wrote an implementation of the new IETF spec Signing HTTP Messages for an Akka based Web Server Reactive Solid I am writing, in order to implement HttpSig authentication for Tim Berners-Lee's Solid project with the help of a donation for from the EU Next Generation Internet for project Solid Control. Currently I am relying on the Java Lib Nimbus ds to help me with JWT crypto.

I am not a crypto specialist, but am starting to see why a Typesafe Scala library would be useful:

• There is a lot of statefulness in Java: signatures objects for example.
• Most of the crypto algorithms are name based, and so as a non crypto specialist person (like me) can find it very difficult to understand, as there is no type guidance.
• In our project we need to develop both JS and Java libraries, so a coherent interface that could allow one to do both with one code base would be great.

The implementation of Signing HTTP Messages I wrote could be turned into a standalone library that would work with other HTTP frameworks, both server side and clientside. I won't have time to do this right now, as I am late on my milestones, but am interested to see what the interest may be. "Signing HTTP Messages" should definitely prove to be a very good test bed of cryptography. So I am looking at tsec. But I am not sure what the roadmap of this project is.

My thought was that tsec could do the crypto side of this. But I am not sure what the plans for its evolution are.