Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud

Author(s): Arnar Birgisson, Joe Gibbs Politz, Ulfar Erlingsson, Ankur Taly, Michael Vrable and Mark Lentczner

Download: Paper (PDF)

Date: 22 Feb 2014

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2014

Abstract:

Macaroons are authorization credentials whose efficiency and ease-of-deployment equal that of Web cookies, thanks to their chained-HMAC construction. Unlike cookies, macaroons support efficient, widely-applicable forms of decentralized delegation, with expressiveness that rivals public-key-based mechanisms like SPKI/SDSI. Thus, macaroons can flexibly confine how, by whom, and in what context, authority can be exercised.