A Method for Signing an HTTP Requests for OAuth

The information below is for an old version of the document
Document Type Expired Internet-Draft (oauth WG)
Last updated 2015-01-22 (latest revision 2014-07-21)
Replaces draft-richer-oauth-signed-http-request
Stream IETF
Intended RFC status (None)
Expired & archived
plain text pdf html bibtex
Stream WG state WG Document (wg milestone: Jul 2017 - Submit 'A Method for... )
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document a method for offering data origin authentication and integrity protection of HTTP requests. To convey the relevant data items in the request a JSON-based encapsulation is used and the JSON Web Signature (JWS) technique is re-used. JWS offers integrity protection using symmetric as well as asymmetric cryptography.


Justin Richer (jricher@mitre.org)
John Bradley (ve7jtb@ve7jtb.com)
Hannes Tschofenig (Hannes.Tschofenig@gmx.net)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)