Credentials Task Force proposal

On Friday, November 6, 2015, Dave Longley <dlongley@digitalbazaar.com>
wrote:
>
> Yeah, I could see macaroons being used in conjunction with credentials.


Macaroons specifically self-identify as bearer credentials in the paper.


> It's unclear if there might need to be some minor tweaks to macaroons as
> they appear to be very service oriented, whereas credentials are
> user-centric.


Macaroons are specifically designed for multi-principal actions where one
of the principals *can* be an end user. All of the diagrams in the paper
illustrate user <-> service <-> service interactions.

So long as a set of required attributes could be embedded in a macaroon
> (caveats) and a set of credentials could assert those attributes (despite
> not being tied to a service), I could see them playing nicely together.


This is definitely the case: caveats are arbitrary.


-- 
Tony Arcieri

Received on Saturday, 7 November 2015 00:37:20 UTC