EncryptedRequest - standardization #22
Unanswered
jeremi
asked this question in
General Q&A
Replies: 2 comments 1 reply
-
Thanks for pointing this @jeremi. It is good point and leverage the existing spec / standard to represent the encrypted data. I will sturdy little more and purpose a draft open api spec element for this for discussion. @gsasikumar do you have any other thoughts to represent encrypted data element in a payload? |
Beta Was this translation helpful? Give feedback.
0 replies
-
@jeremi I think you are suggesting a JWE RFC 7516. I agree that we should rely on JWE. But would like to fix the "enc" to a small subset. |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I've noticed that we're considering using a custom encryption method for our HTTP POST requests: EncryptedRequest.
While the proposed solution seems feasible, I'd like to suggest an alternative: adopting the JSON Web Token (JWT) standard. JWT offers several benefits that make it a good choice for secure data transmission:
Is there any reason why JWT might not be a good fit?
Beta Was this translation helpful? Give feedback.
All reactions