Macaroons & Biscuits are two related ways to implement fine-grained authorization at scale. Macaroons work by granting an unforgeable token that can be delegated and "attenuated" (i.e. further restricted) without action by the server. This can extend to third-party services as well.
Biscuits work similarly, but use more public key crypto infrastructure rather than the HMACs that Macaroons use, allowing for the private keys to not be widely distributed. Biscuits also specify a Datalog implementation to specify attenuation logic in tokens that can simply be executed by the server.
It would be nice to have recipes for both of these since they would be useful for handling requests in a Macaroon- or Biscuit-oriented API.
In Review
💡 Feature Request
9 months ago
Andrew Elgert
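The HMAC chaining that makes Macaroon attenuation possible without contacting the server, as an added sketch that is not part of the original request or of any existing Macaroon library. The function names, the `key = value` caveat syntax and the sample key are assumptions made for illustration, and only first-party caveats are covered.

```python
import hashlib
import hmac

ROOT_KEY = b"constructed-demo-root-key"  # constructed sample; held only by the server


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def mint(root_key: bytes, identifier: str) -> dict:
    """Server: issue a token whose signature is HMAC(root_key, identifier)."""
    return {"id": identifier, "caveats": [], "sig": _mac(root_key, identifier.encode())}


def attenuate(token: dict, caveat: str) -> dict:
    """Holder: add a restriction. The old signature is the HMAC key for the
    new one, so no root key and no round trip to the server are needed."""
    return {
        "id": token["id"],
        "caveats": token["caveats"] + [caveat],
        "sig": _mac(token["sig"], caveat.encode()),
    }


def caveat_holds(caveat: str, request: dict) -> bool:
    """Hypothetical caveat language: 'key = value' must match the request."""
    key, sep, value = caveat.partition(" = ")
    return sep != "" and request.get(key) == value


def verify(root_key: bytes, token: dict, request: dict) -> bool:
    """Server: replay the chain from the root key, then evaluate every caveat."""
    sig = _mac(root_key, token["id"].encode())
    for caveat in token["caveats"]:
        sig = _mac(sig, caveat.encode())
    if not hmac.compare_digest(sig, token["sig"]):
        return False  # a caveat was removed, reordered or edited
    return all(caveat_holds(c, request) for c in token["caveats"])


if __name__ == "__main__":
    full = mint(ROOT_KEY, "user-42")
    read_only = attenuate(full, "method = GET")
    print(verify(ROOT_KEY, read_only, {"method": "GET"}))   # restriction satisfied
    print(verify(ROOT_KEY, read_only, {"method": "POST"}))  # restriction violated
    stripped = dict(read_only, caveats=[])                  # holder drops the caveat
    print(verify(ROOT_KEY, stripped, {"method": "POST"}))   # chain no longer matches
```

Because verification needs the root key, every verifier must hold the secret, which is the distribution problem the request says Biscuits avoid with public-key signatures.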