Personal tools
You are here: Home Events LFCS Seminars-Folder LFCS seminar by Ulfar Erlingsson (Google)

LFCS seminar by Ulfar Erlingsson (Google)

— filed under:

Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud

  • LFCS Seminar
When Mar 11, 2014
from 04:00 PM to 05:00 PM
Where IF 4.31/4.33
Contact Name
Add event to calendar vCal

 Controlled sharing is fundamental to distributed systems; yet, on the Web, and in the Cloud, sharing is still based on rudimentary mechanisms. Macaroons are flexible authorization credentials that support decentralized delegation between principals, that can easily enable more fine-grained authorization for Cloud services, e.g., by strengthening mechanisms like OAuth2.  Macaroons are based on a construction that uses nested, chained MACs (e.g., HMACs) in a manner that is highly efficient, easy to deploy, and widely applicable. Although macaroons are bearer credentials, like Web cookies, macaroons embed caveats that attenuate and contextually confine when, where, by who, and for what purpose a target service should authorize requests. Macaroons can be formalized in authorization logic and shown to equal the expressiveness of earlier, flexible certificate-based authorization systems, like SPKI/SDSI.

Document Actions