In Macaroonia, which is one of the most important Biscuit inspirations, you can ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

tptacek 8 months ago | parent | context | favorite | on: Biscuit authorization

In Macaroonia, which is one of the most important Biscuit inspirations, you can address "stateless" revocation with a 3P caveat on a revocation check service, which can issue time-limited "not revoked" attestations; the services that rely on the tokens don't even have to understand what that revocation check service is, or have any revocation checking code at all; it's all hidden from the application, the service can get moved around, scaled out independently, etc.

I'd be surprised if there wasn't a similar strategy available to Biscuits.

geal 8 months ago [–]

there's a siimilar concept in Biscuit, the 3rd party block: https://www.biscuitsec.org/blog/third-party-blocks-why-how-w... It's not advertised a lot right now because it's not supported by all libraries yet

Consider applying for YC's first-ever Fall batch! Applications are open till Aug 27.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact