curl-users
Re: AWS SigV4 authentication
Date: Wed, 13 Dec 2017 18:05:04 -0800
>
> But what other servers than Amazon's support it?
It's only supported by AWS, but that in and of itself constitutes a sizable
portion of internet traffic. The S3 outage that happened earlier this year
demonstrates this volume:
S3 is one of about a hundred services offered by AWS that use SigV4 as a
means of authentication.
On Wed, Dec 13, 2017 at 3:46 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> On Wed, 13 Dec 2017, Haitham Gad wrote:
>
> It is open in the sense that it's well documented by AWS and there's a lot
>> of existing implementations in many languages. It is not standardized, but
>> it's useful to a wide range of users (all AWS customers). Users usually use
>> the CLI or SDKs to call AWS APIs, but there's still need to inspect the raw
>> HTTP responses from API calls.
>>
>
> But what other servers than Amazon's support it?
>
> I think I can free up a few days to work on an implementation for SigV4 in
>> curl. If you have any guidance regarding contributing to curl, I appreciate
>> if you can share it with me.
>>
>
> It is probably a good idea to see how for example HTTP Digest is
> implemented and work from there. HTTP auths typically get a 401 response
> back to the initial request, with some bits of data that is then used by
> the client to calculate some value that is then sent to the server in a
> second request - the authenticated request.
>
> Now I don't know anything about the protocol specifics, but I saw one page
> hinting that there's a hash of the payload involved which sounds like it
> could make it fairly complicated to add.
>
> --
>
> / daniel.haxx.se
>
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-12-14