Re: Credentials Task Force proposal

On 11/06/2015 01:59 AM, Tony Arcieri wrote:
> I feel Macaroons are applicable to this problem domain as well, albeit
> not yet standardized:
>
> http://macaroons.io/
> http://research.google.com/pubs/pub41892.html
> https://air.mozilla.org/macaroons-cookies-with-contextual-caveats-for-decentralized-authorization-in-the-cloud/
> https://github.com/ecordell/macaroon-compatibility

Yeah, I could see macaroons being used in conjunction with credentials. 
It's unclear if there might need to be some minor tweaks to macaroons as 
they appear to be very service oriented, whereas credentials are 
user-centric. So long as a set of required attributes could be embedded 
in a macaroon (caveats) and a set of credentials could assert those 
attributes (despite not being tied to a service), I could see them 
playing nicely together.


-- 
Dave Longley
CTO
Digital Bazaar, Inc.
http://digitalbazaar.com

Received on Friday, 6 November 2015 15:09:43 UTC