A Child’s Garden of Inter-Service Authentication Schemes


19 bookmarks. First posted by fkbarrett 9 weeks ago.


pmz: note macaroons
security  authentication  2018 
9 weeks ago by mechazoidal
Macaroons are an interesting (and criminally underused) construction that directly provides both delegation and attenuation. They’re a kind of token from which you can derive more restricted tokens (that’s the “attenuation”), and, if you want, pass that token to someone else to use without them being able to exceed the authorization you gave them. Macaroons accomplish this by chaining HMAC; the HMAC of a macaroon is the HMAC secret for its derived attenuated macaroons.

By adding encryption along with HMAC, Macaroons also express “third-party” conditions. Alice can get Charles to attest that Alice is a member of the super-awesome-best-friends-club, and include that in the Macaroon she delivers to Bob. If Bob also trusts Charles, Bob can safely learn whether Alice is in the club. Macaroons can flexibly express whole trees of these kinds of relationships, capturing identity, revocation, and… actually, revocation and identity are the only two big wins I can think of for this feature.
authentication 
9 weeks ago by euler
Modern applications tend to be composed from relationships between smaller applications. Secure modern applications thus need a way to express and enforce…
from instapaper
9 weeks ago by hiroprot
RT : We wrote a thing.
from twitter
9 weeks ago by rafaeldff
RT : We wrote a thing.
from twitter
9 weeks ago by mpasternacki
We wrote a thing.
from twitter_favs
9 weeks ago by dne
We wrote a thing.
from twitter_favs
9 weeks ago by enobrev
We wrote a thing.
from twitter_favs
9 weeks ago by adrahon