Macaroons: More cookie than cookie
Brian Sletten introduces Google Macaroons, a fine-grained, decentralized authorization mechanism that is web friendly and suitable for cloud and microservices.
|Talk Title||Macaroons: More cookie than cookie|
|Conference||O’Reilly Security Conference|
|Conf Tag||Build better defenses|
|Date||November 9-11, 2016|
Google Research has given us Macaroons (no, not the fancy, delicious cookies). Google’s Macaroons are an authorization model with support for contextually controlled caveats and the simplicity of a regular cookie. This allows a fine-grained and flexible approach to delegating privilege to principals in a decentralized way, allowing you to protect resources. Brian Sletten introduces the underlying principles of Macaroons as he walks you through applying them in practice with nontrivial delegation scenarios, demonstrating how to build systems with strong controls as well as the freedom to transfer privileges to others with more narrow constraints. The combination of simplicity, flexibility, and sophistication is a rare and desirable goal for modern security controls. Even if you aren’t interested in putting Macaroons in practice in your own work, it is worth diving deeper just to gain exposure to a technology with these properties.