In computer security, macaroons are authorization credentials that support decentralized delegation between principals. [1]
Macaroons are used in a variety of systems, including the Ubuntu Snappy package manager, [2] the HyperDex data store, [3] [4] the Matrix communication protocol, and the Python Package Index. [5]
A macaroon is composed of a series of "caveats", for example:
The macaroon model doesn't specify the language for these caveats; the original paper proposes a model of subjects and rights, but the details are left to individual implementations.
Macaroons are similar to some other technologies.
Compared to JSON Web Token (JWT):
Compared to certificates:
Implementations need to decide whether the entire macaroon tree is invalidated at once from its root, the server secret key, or whether intermediate macaroons are to be blacklisted, comparable to time-bound JWTs.
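The following Python sketch is an added example, not code from the article or from any listed implementation. It shows caveats chained with HMAC-SHA256 as in the original paper's construction, and both revocation choices described above. The caveat syntax, function names, sample values and the `revoked` denylist are assumptions made for illustration.

```python
import hashlib
import hmac

def _mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def mint(root_key: bytes, identifier: str) -> dict:
    """Server: the first signature is HMAC(root_key, identifier)."""
    return {"id": identifier, "caveats": [], "sig": _mac(root_key, identifier)}

def attenuate(m: dict, caveat: str) -> dict:
    """Any holder: new_sig = HMAC(old_sig, caveat); the root key is not needed."""
    return {"id": m["id"], "caveats": m["caveats"] + [caveat],
            "sig": _mac(m["sig"], caveat)}

def caveat_holds(caveat: str, ctx: dict) -> bool:
    """Hypothetical caveat language: 'op = <value>' or 'expires < <unix time>'."""
    parts = caveat.split(" ", 2)
    if len(parts) != 3:
        return False
    key, op, value = parts
    if key == "op" and op == "=":
        return ctx.get("op") == value
    if key == "expires" and op == "<" and value.isdigit():
        return ctx["now"] < int(value)
    return False  # unknown or malformed caveats fail closed

def verify(root_key: bytes, m: dict, ctx: dict, revoked=frozenset()) -> bool:
    """Server: rebuild the chain from the root key, checking every link."""
    sig = _mac(root_key, m["id"])
    links = [sig]
    for caveat in m["caveats"]:
        if not caveat_holds(caveat, ctx):
            return False
        sig = _mac(sig, caveat)
        links.append(sig)
    # A denylisted intermediate signature rejects that macaroon and its descendants.
    if any(link in revoked for link in links):
        return False
    return hmac.compare_digest(sig, m["sig"])

# Constructed sample values
ROOT = b"constructed-root-key"
base = mint(ROOT, "user-42")
read_only = attenuate(base, "op = read")
short_lived = attenuate(read_only, "expires < 2000")
```

Denylisting `read_only["sig"]` rejects `read_only` and `short_lived` while `base` stays valid; verifying against a rotated root key rejects all three.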