I think HTTP request signing will be a non-starter for an interoperable standard like oauth because of the difficulty of canonicalization without an authoritative library. AWS can pull that off because they have an SDK…
The other competing standard draft to OAuth mTLS is DPoP: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop
I think HTTP request signing will be a non-starter for an interoperable standard like oauth because of the difficulty of canonicalization without an authoritative library. AWS can pull that off because they have an SDK…
The other competing standard draft to OAuth mTLS is DPoP: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop