Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud

Controlled sharing is fundamental to distributed systems; yet, on the Web and in the Cloud, sharing is still based on rudimentary mechanisms. Macaroons are flexible authorization credentials that support decentralized delegation between principals and that can easily enable more fine-grained authorization for Cloud services, e.g., by strengthening mechanisms like OAuth2. Macaroons are based on a construction that uses nested, chained MACs (e.g., HMACs) in a manner that is highly efficient, easy to deploy, and widely applicable. Although macaroons are bearer credentials, like Web cookies, macaroons embed caveats that attenuate and contextually confine when, where, by whom, and for what purpose a target service should authorize requests. Macaroons can be formalized in authorization logic and shown to equal the expressiveness of earlier, flexible certificate-based authorization systems, like SPKI/SDSI.
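
The chained-MAC construction described above, as an added example that is not code from the talk or the macaroons authors: each caveat is MACed under the previous signature, so a holder can add caveats without the root key but cannot remove one. HMAC-SHA256, the caveat syntax and all names and values are assumptions made for illustration, and only caveats checked by the target service itself are covered.

```python
import hashlib
import hmac

def mac(key: bytes, msg: bytes) -> bytes:
    # HMAC-SHA256 is an assumption; the abstract only says "MACs (e.g., HMACs)".
    return hmac.new(key, msg, hashlib.sha256).digest()

def mint(root_key: bytes, identifier: bytes) -> dict:
    # Target service: the first link of the chain is keyed with the root key.
    return {"id": identifier, "caveats": [], "sig": mac(root_key, identifier)}

def attenuate(m: dict, caveat: str) -> dict:
    # Any holder: the old signature keys the next link, so no root key is needed.
    return {"id": m["id"], "caveats": m["caveats"] + [caveat],
            "sig": mac(m["sig"], caveat.encode())}

def caveat_holds(caveat: str, ctx: dict) -> bool:
    # Hypothetical caveat syntax: "<key> = <value>" or "time < <unix seconds>".
    parts = caveat.split(" ", 2)
    if len(parts) != 3:
        return False
    key, op, value = parts
    if op == "=":
        return key in ctx and str(ctx[key]) == value
    if key == "time" and op == "<" and value.isdigit():
        return "time" in ctx and ctx["time"] < int(value)
    return False  # unknown caveats fail closed

def verify(root_key: bytes, m: dict, ctx: dict) -> bool:
    # Target service: rebuild the chain from the root key, then check every caveat.
    sig = mac(root_key, m["id"])
    for caveat in m["caveats"]:
        sig = mac(sig, caveat.encode())
    if not hmac.compare_digest(sig, m["sig"]):
        return False
    return all(caveat_holds(c, ctx) for c in m["caveats"])

def demo() -> dict:
    root_key = b"constructed-root-key-for-example"  # constructed sample value
    full = mint(root_key, b"key-id-1")
    limited = attenuate(attenuate(full, "op = read"), "time < 1700000000")
    stripped = dict(limited, caveats=limited["caveats"][:1])  # caveat dropped, old sig kept
    ok = {"op": "read", "time": 1699999999}
    return {"allowed": verify(root_key, limited, ok),
            "wrong_op": verify(root_key, limited, dict(ok, op="write")),
            "expired": verify(root_key, limited, dict(ok, time=1700000001)),
            "caveat_stripped": verify(root_key, stripped, ok)}

if __name__ == "__main__":
    print(demo())
```

Because the macaroon is a bearer credential, the final signature must be protected in transit and at rest like any session cookie; the caveats limit what a stolen copy can do, not who can present it.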

Start time:
Location: Mountain View Commons
Duration: 54 minutes
Channel: Main

Tags: auth, cookies

Views since archived: 4,103
