Yes, exactly.
I’m trying to come up with a demo to showcase how canisters can receive and handle authenticated HTTP requests, which will require making some changes to some components of the protocol. More details soon.
In the meantime, you can already take a look at the HTTP Authentication PoC work started by @NathanosDev on the following repo: dfinity/http-auth-poc. In that PoC, clients send authenticated HTTP requests to canisters using HTTP Message Signatures, and we validate signatures at the canister level. This can be too expensive in terms of instructions used, that’s why I’m exploring changes at different layers of the protocol.
I also plan to make a proper announcement/request for feedback about these things in the next weeks, but feel free to try it out and give feedback already!