A Child’s Garden of Inter-Service Authentication Schemes


18 bookmarks. First posted by fkbarrett 7 days ago.


pmz: note macaroons
security  authentication  2018 
6 days ago by mechazoidal
Macaroons are an interesting (and criminally underused) construction that directly provides both delegation and attenuation. They’re a kind of token from which you can derive more restricted tokens (that’s the “attenuation”), and, if you want, pass that token to someone else to use without them being able to exceed the authorization you gave them. Macaroons accomplish this by chaining HMAC; the HMAC of a macaroon is the HMAC secret for its derived attenuated macaroons.

By adding encryption along with HMAC, Macaroons also express “third-party” conditions. Alice can get Charles to attest that Alice is a member of the super-awesome-best-friends-club, and include that in the Macaroon she delivers to Bob. If Bob also trusts Charles, Bob can safely learn whether Alice is in the club. Macaroons can flexibly express whole trees of these kinds of relationships, capturing identity, revocation, and… actually, revocation and identity are the only two big wins I can think of for this feature.
authentication 
6 days ago by euler
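
The HMAC chaining described in the excerpt above, as an added example that is not part of the bookmarked article or of any bookmark note. It covers first-party caveats only (no third-party conditions); the `key = value` caveat format, the function names and the sample key are assumptions made for this illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass(frozen=True)
class Macaroon:
    identifier: bytes      # public token id chosen by the issuer
    caveats: tuple = ()    # first-party caveats, e.g. b"op = read" (assumed format)
    sig: bytes = b""       # tail of the HMAC chain


def mint(root_key: bytes, identifier: bytes) -> Macaroon:
    # Only the issuing service knows root_key.
    return Macaroon(identifier, (), _mac(root_key, identifier))


def attenuate(m: Macaroon, caveat: bytes) -> Macaroon:
    # Needs no root key: the current signature is the HMAC key for the next link.
    return Macaroon(m.identifier, m.caveats + (caveat,), _mac(m.sig, caveat))


def verify(root_key: bytes, m: Macaroon, request: dict) -> bool:
    # Recompute the chain from the root key, then require every caveat to hold.
    sig = _mac(root_key, m.identifier)
    for caveat in m.caveats:
        sig = _mac(sig, caveat)
    if not hmac.compare_digest(sig, m.sig):
        return False
    for caveat in m.caveats:
        key, _, value = caveat.decode().partition(" = ")
        if request.get(key) != value:
            return False
    return True


# Constructed sample values.
ROOT_KEY = b"constructed-root-key-for-demo"
full = mint(ROOT_KEY, b"token-0001")
read_only = attenuate(full, b"op = read")
delegated = attenuate(read_only, b"path = /reports")
# Someone holding only `delegated` drops the last caveat but keeps the signature
# they have; they cannot run the HMAC backwards to recover read_only.sig.
stripped = Macaroon(delegated.identifier, delegated.caveats[:1], delegated.sig)
```

Each attenuation step is done by the token holder alone, while verification always restarts from the root key, so a caveat can be added by anyone but removed by no one downstream.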
Modern applications tend to be composed from relationships between smaller applications. Secure modern applications thus need a way to express and enforce…
from instapaper
7 days ago by hiroprot
RT : We wrote a thing.
from twitter
7 days ago by rafaeldff
RT : We wrote a thing.
from twitter
7 days ago by mpasternacki
We wrote a thing.
from twitter_favs
7 days ago by dne
We wrote a thing.
from twitter_favs
7 days ago by adrahon
We wrote a thing.
from twitter_favs
7 days ago by enobrev
We wrote a thing.
from twitter_favs
7 days ago by fkbarrett