Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud
Download: Paper (PDF)
Date: 22 Feb 2014
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2014
Abstract:
Macaroons are authorization credentials whose efficiency and ease-of-deployment equal that of Web cookies, thanks to their chained-HMAC construction. Unlike cookies, macaroons support efficient, widely-applicable forms of decentralized delegation, with expressiveness that rivals public-key-based mechanisms like SPKI/SDSI. Thus, macaroons can flexibly confine how, by whom, and in what context, authority can be exercised.