Comments (2)
Macaroons provide ample precedent for taming unrestricted bearer credentials, both via attenuation (ideally to least authority as proposed above), but also through contextual caveats.
It might be interesting to standardize one or more contextual caveats for Biscuits. It could potentially leverage the RFC8471 token binding protocol, or something a bit more minimalist (IIRC Chrome dropped support for token binding due to complexity, but Microsoft still uses it apparently).
from biscuit.
One cool application of third-party blocks will be to require an extra signature for the token to be valid. This way, the token itself is valid, and has to be signed (by adding a third-party block) just before it's sent on the wire.
Agreed on standardizing caveats (we would rather standardize ambient facts, I think), in addition to `time(…)` which is somehow standardized by being supported in the CLI. The current default symbol table reflects that goal, by carrying several names that are intended to be used this way (things like `client_ip` for instance).
from biscuit.
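The idea discussed in the two comments above, contextual caveats checked against ambient facts such as `time` and `client_ip`, shown as an added example that is not code from the thread or from the Biscuit project. It uses macaroon-style HMAC chaining rather than Biscuit's public-key signatures and Datalog; the caveat mini-syntax, function names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac


def _chain(sig: bytes, caveat: str) -> bytes:
    # Fold a caveat into the signature: new_sig = HMAC(previous_sig, caveat).
    return hmac.new(sig, caveat.encode(), hashlib.sha256).digest()


def mint(root_key: bytes, identifier: str) -> dict:
    sig = hmac.new(root_key, identifier.encode(), hashlib.sha256).digest()
    return {"id": identifier, "caveats": [], "sig": sig}


def attenuate(token: dict, caveat: str) -> dict:
    # Any holder can append a caveat without the root key; none can be removed
    # afterwards, because the previous signature is not recoverable.
    return {"id": token["id"], "caveats": token["caveats"] + [caveat],
            "sig": _chain(token["sig"], caveat)}


def caveat_holds(caveat: str, ambient: dict) -> bool:
    # Constructed syntax: "<fact> <op> <value>" with op "<" or "==".
    # Ambient facts come from the verifier's view of the request, never from
    # the token. Unknown facts, operators or malformed caveats fail closed.
    try:
        name, op, value = caveat.split(" ", 2)
        if name not in ambient:
            return False
        if op == "<":
            return ambient[name] < int(value)
        if op == "==":
            return str(ambient[name]) == value
    except (ValueError, TypeError):
        pass
    return False


def verify(root_key: bytes, token: dict, ambient: dict) -> bool:
    # Recompute the chain from the root key, then evaluate every caveat.
    sig = hmac.new(root_key, token["id"].encode(), hashlib.sha256).digest()
    for caveat in token["caveats"]:
        sig = _chain(sig, caveat)
    if not hmac.compare_digest(sig, token["sig"]):
        return False
    return all(caveat_holds(c, ambient) for c in token["caveats"])
```

A token attenuated with `time < 1700000000` and `client_ip == 203.0.113.7` verifies only while both ambient facts match, so a copy replayed later or from another address is rejected even though its signature is intact.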
Related Issues (20)
- DID / DPKI integration HOT 3
- fix authorizer serialization
- check all / check unless behaviour HOT 3
- Question regarding the language specification about Sets HOT 2
- separate v2 and v3 samples HOT 1
- specify operator precedence
- Date & time manipulation
- indicate clearly that URL safe base64 encoding is preferred HOT 1
- Laziness of boolean operators HOT 3
- Heterogeneous `==` HOT 1
- Dates: TAI64, TAI or UTC? HOT 2
- Purpose of the `Parens` op HOT 2
- `.type()` function
- Add array and map types HOT 1
- Biscuit web key sets HOT 7
- Forgotten symbol in samples.json? HOT 2
- Webauthn signatures
- Allow heterogeneous sets
- `reject if` HOT 4