December 25, 2019

192 words 1 min read

Macaroons: More cookie than cookie

Macaroons: More cookie than cookie

Brian Sletten introduces Google Macaroons, a fine-grained, decentralized authorization mechanism that is web friendly and suitable for cloud and microservices.

Talk Title Macaroons: More cookie than cookie
Conference O’Reilly Security Conference
Conf Tag Build better defenses
Location Amsterdam, Netherlands
Date November 9-11, 2016
URL Talk Page
Slides Talk Slides

Google Research has given us Macaroons (no, not the fancy, delicious cookies). Google’s Macaroons are an authorization model with support for contextually controlled caveats and the simplicity of a regular cookie. This allows a fine-grained and flexible approach to delegating privilege to principals in a decentralized way, allowing you to protect resources. Brian Sletten introduces the underlying principles of Macaroons as he walks you through applying them in practice with nontrivial delegation scenarios, demonstrating how to build systems with strong controls as well as the freedom to transfer privileges to others with more narrow constraints. The combination of simplicity, flexibility, and sophistication is a rare and desirable goal for modern security controls. Even if you aren’t interested in putting Macaroons in practice in your own work, it is worth diving deeper just to gain exposure to a technology with these properties.

comments powered by Disqus