Recently I blogged about my proposed Content-Signature header for transmitting digital signatures. I created an Internet Draft and submitted it to the IETF. After a bunch of discussions with some helpful folks on the IETF HTTP WG list, I found that email already has such a system, called DomainKeys Identified Mail (DKIM). It's designed specifically for email messages, but some work is being done by David Crocker and friends to make it applicable to other protocols via the DOSETA specification.

One particularly interesting feature is how public keys are discovered. Basically, DNS names are used for identity, and acquiring public keys for verification is just a matter of getting a text record from a particular domain. It sounds exciting because even in an IT organization you could have distributed, non-centralized authentication and authorization. DNS gives you a structure so that you could authorize a whole domain of users or one user at a time. It would also be interesting to see how this structure could be mapped onto a URI instead.
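The key discovery described above, as an added example that is not code from this post, Resteasy or the DOSETA draft: it derives the DNS name a verifier queries, checks that the signing identity falls inside the signing domain, and rejects revoked keys. It assumes the DKIM conventions of RFC 6376 (the `d=`, `s=` and `i=` signature tags and the `<selector>._domainkey.<domain>` TXT record name); the function names are hypothetical, all sample values are constructed, and a dict stands in for the DNS query.

```python
def parse_tag_list(text):
    """Parse a DKIM 'tag=value; tag=value' list into a dict; reject duplicate tags."""
    tags = {}
    for part in text.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or not name or name in tags:
            raise ValueError(f"malformed or duplicate tag: {part!r}")
        # Folding whitespace inside values (e.g. wrapped base64) is not significant.
        tags[name] = "".join(value.split())
    return tags


def key_query_name(sig):
    """DNS name whose TXT record holds the public key: <s>._domainkey.<d>."""
    return f"{sig['s']}._domainkey.{sig['d']}".lower()


def identity_in_scope(sig):
    """The optional i= identity must be in the d= domain or a subdomain of it."""
    d = sig["d"].lower()
    i_domain = sig.get("i", "@" + d).rpartition("@")[2].lower()
    return i_domain == d or i_domain.endswith("." + d)


def usable_key(record_text):
    """Return the base64 public key from a key record, or None if unusable/revoked."""
    rec = parse_tag_list(record_text)
    if rec.get("v", "DKIM1") != "DKIM1" or rec.get("k", "rsa") not in ("rsa", "ed25519"):
        return None
    return rec.get("p") or None  # an empty p= means the key has been revoked


# Constructed sample data: signature tags as a verifier sees them, and a fake DNS zone.
SIG = parse_tag_list("v=1; a=rsa-sha256; d=example.com; s=sel2011; i=alice@eng.example.com")
ZONE = {"sel2011._domainkey.example.com": "v=DKIM1; k=rsa; p=TUlHZk1BMEdDU3FHU0li",
        "old._domainkey.example.com": "v=DKIM1; p="}


def discover_key(sig, zone=ZONE):
    """Look up and validate the signer's key; zone stands in for a DNS TXT query."""
    if not identity_in_scope(sig):
        return None
    record = zone.get(key_query_name(sig))
    return usable_key(record) if record else None
```

The suffix check compares against `"." + d`, so an identity at `evilexample.com` does not pass for `example.com`.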

So, my short-lived support for Content-Signature in Resteasy 2.2-beta-1 will be retired, and I'm going to look into using DOSETA instead for 2.2.Final.