Macaroons, like cookies, are a form of bearer credential. Unlike opaque tokens,
macaroons embed caveats that define specific authorization requirements for the
target service, the service that issued the root macaroon and which is capable
of verifying the integrity of macaroons it receives.

Macaroons allow for delegation and attenuation of authorization. They are
simple and fast to verify, and decouple authorization policy from the
enforcement of that policy.
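
The attenuation and verification described above, as an added sketch that is not this project's code or wire format: it uses the chained-HMAC construction from the macaroons design with first-party caveats only. The function names, the dict layout and the small caveat language ("key = value", "time < epoch") are assumptions made for illustration.

```python
import hashlib
import hmac

def chain_mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def mint(root_key: bytes, identifier: str) -> dict:
    # Target service issues the root macaroon: sig = HMAC(root_key, identifier).
    return {"id": identifier, "caveats": [], "sig": chain_mac(root_key, identifier)}

def attenuate(m: dict, caveat: str) -> dict:
    # Any holder can narrow a macaroon without the root key:
    # new_sig = HMAC(old_sig, caveat). The old signature is not recoverable.
    return {"id": m["id"], "caveats": m["caveats"] + [caveat],
            "sig": chain_mac(m["sig"], caveat)}

def caveat_holds(caveat: str, request: dict) -> bool:
    # Hypothetical caveat language: "<key> = <value>" or "time < <epoch>".
    parts = caveat.split(" ", 2)
    if len(parts) != 3:
        return False
    key, op, value = parts
    if op == "=":
        return key in request and str(request[key]) == value
    if op == "<" and key == "time" and value.isdigit():
        return "time" in request and request["time"] < int(value)
    return False  # unknown caveat: fail closed

def verify(root_key: bytes, m: dict, request: dict) -> bool:
    # Integrity: recompute the HMAC chain from the root key over every caveat.
    sig = chain_mac(root_key, m["id"])
    for caveat in m["caveats"]:
        sig = chain_mac(sig, caveat)
    if not hmac.compare_digest(sig, m["sig"]):
        return False
    # Policy: every embedded caveat must hold for this request.
    return all(caveat_holds(c, request) for c in m["caveats"])

if __name__ == "__main__":
    ROOT_KEY = b"constructed-demo-root-key"  # constructed sample value
    root = mint(ROOT_KEY, "session-1")
    delegated = attenuate(attenuate(root, "account = alice"), "op = read")
    print(verify(ROOT_KEY, delegated, {"account": "alice", "op": "read"}))   # True
    print(verify(ROOT_KEY, delegated, {"account": "alice", "op": "write"}))  # False
    stripped = dict(delegated, caveats=delegated["caveats"][:1])
    print(verify(ROOT_KEY, stripped, {"account": "alice", "op": "write"}))   # False
```

Dropping a caveat from the list does not widen access, because the signature left in the macaroon no longer matches the chain the target service recomputes.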