
19474 Re: [rest-discuss] Authentication scheme for HMAC authentication in Restful services.

  • Craig McClanahan
    Jun 18, 2013
      In the context of OAuth 2.0, there are efforts underway to standardize the use of MAC authentication[1], putting it in the Authorization header with a scheme name of "mac".

      Craig McClanahan

      On Tue, Jun 18, 2013 at 4:53 AM, Unmesh Joshi <unmeshjoshi@...> wrote:


      We have implemented a Restful service with HMAC authentication. Till now, we were using a custom authorization header. But it looks like the common practice is to use the standard HTTP "Authorization" header with a custom authorization scheme.
      Unfortunately, there doesn't seem to be a standard scheme so far for HMAC-based authentication. Everyone (Amazon, Azure, etc.) uses their own schemes (e.g. "AWS" used by Amazon, or "SharedKey" and "SharedLiteKey" used by Azure, http://msdn.microsoft.com/en-us/library/dd179428.aspx). All these schemes are nearly the same, but use different scheme identifiers.

      http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-22 seems to be a work in progress, but there is no place where all the commonly used authentication schemes are listed.

      I found this: https://github.com/hueniverse/hawk. But I am not sure if this is widely used.

      I do not want to create a new scheme identifier, something more generic will probably make sense. 
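
An added example, not part of either message in this thread and not any vendor's actual scheme: the general pattern the question describes, where an HMAC over the request travels in the standard `Authorization` header as `<scheme> <key-id>:<signature>`. The scheme name `Example-HMAC`, the canonical string layout, the key store and the integer timestamp are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac

SCHEME = "Example-HMAC"                          # hypothetical scheme identifier
KEYS = {"client-1": b"constructed-demo-secret"}  # constructed sample key store
MAX_SKEW = 300                                   # accepted clock skew in seconds


def string_to_sign(method, path, date, body):
    """Canonical request: method, path, timestamp and body digest."""
    digest = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(date), digest]).encode()


def sign(key_id, method, path, date, body=b""):
    """Client side: build the Authorization header value."""
    mac = hmac.new(KEYS[key_id], string_to_sign(method, path, date, body),
                   hashlib.sha256)
    return f"{SCHEME} {key_id}:{base64.b64encode(mac.digest()).decode()}"


def verify(header, method, path, date, body, now):
    """Server side: return the authenticated key id, or None on failure."""
    scheme, _, credentials = header.partition(" ")
    if scheme.lower() != SCHEME.lower():   # scheme names are case-insensitive
        return None
    key_id, sep, sent = credentials.strip().partition(":")
    if not sep or key_id not in KEYS:      # malformed value or unknown key id
        return None
    if abs(now - date) > MAX_SKEW:         # stale timestamp limits replay
        return None
    # Recompute the signature from the request as received by the server.
    expected = sign(key_id, method, path, date, body).partition(":")[2]
    # Constant-time comparison avoids leaking how many bytes matched.
    if hmac.compare_digest(expected.encode(), sent.encode()):
        return key_id
    return None


if __name__ == "__main__":
    value = sign("client-1", "GET", "/orders/7", 1371556380)
    print("Authorization:", value)
    print(verify(value, "GET", "/orders/7", 1371556380, b"", now=1371556400))
```
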

