The downside to request signing is that it adds expensive cryptographic operations to every single HTTP request against a protected resource. The more secure you make the signing algorithm, the more expensive the signing process is. The key to a solid request signing algorithm is to minimize the possibility of collisions across different requests.
