biscuit/README.md

# Biscuit authentication token

[![Join the chat at https://gitter.im/CleverCloud/biscuit](https://badges.gitter.im/CleverCloud/biscuit.svg)](https://gitter.im/CleverCloud/biscuit?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)

<img src="https://raw.githubusercontent.com/CleverCloud/biscuit/master/assets/brown.png" width="300">

*logo by [Mathias Adam](http://www.madgraphism.com/)*

Biscuit is a (in development) authentication token for microservices
architectures with the following properties:

- distributed authorization: any node could validate the token only with public
  information;
- offline delegation: a new, valid token can be created from another one by
  attenuating its rights, by its holder, without communicating with anyone;
- capabilities based: authorization in microservices should be tied to rights
  related to the request, instead of relying to an identity that might not make
  sense to the verifier;
- flexible rights managements: the token uses a logic language to specify attenuation
  and add bounds on ambient data;
- small enough to fit anywhere (cookies, etc).

Non goals:
- This is not a new authentication protocol. Biscuit tokens can be used as
  opaque tokens delivered by other systems such as OAuth.
- Revocation: while tokens come with expiration dates, revocation requires
  external state management.

You can follow the next steps on the [roadmap](https://github.com/CleverCloud/biscuit/issues/12).

How to help us?
- provide use cases that we can test the token on (some specific kind of caveats, auth delegation, etc)
- cryptographic design audit: we need to decide on a cryptographic scheme that will be strong enough

Project organisation:
- `DESIGN.md` holds the current ideas about what Biscuit should be
- `SPECIFICATIONS.md` is the in progress description of Biscuit, its format and behaviour
- `experimentations/` holds code examples for the crypographic schemes and caveat language. `code/biscuit-poc/` contains an experimental version of Biscuit, built to explore API issues

## License

Licensed under Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)

### Contribution

Unless you explicitly state otherwise, any contribution intentionally
submitted for inclusion in the work by you, as defined in the Apache-2.0
license, shall be licensed as above, without any additional terms or
conditions.
add a README 2019-01-02 16:23:30 +03:00			`# Biscuit authentication token`

Add Gitter badge 2019-01-18 18:52:11 +03:00			`[![Join the chat at https://gitter.im/CleverCloud/biscuit](https://badges.gitter.im/CleverCloud/biscuit.svg)](https://gitter.im/CleverCloud/biscuit?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)`

resize the logo 2019-01-07 14:22:56 +03:00			`<img src="https://raw.githubusercontent.com/CleverCloud/biscuit/master/assets/brown.png" width="300">`
add a logo 2019-01-07 14:19:08 +03:00
			`logo by [Mathias Adam](http://www.madgraphism.com/)`

add a README 2019-01-02 16:23:30 +03:00			`Biscuit is a (in development) authentication token for microservices`
			`architectures with the following properties:`

README: Fix typos 2019-01-08 23:44:23 +03:00			`- distributed authorization: any node could validate the token only with public`
			`information;`
			`- offline delegation: a new, valid token can be created from another one by`
			`attenuating its rights, by its holder, without communicating with anyone;`
			`- capabilities based: authorization in microservices should be tied to rights`
			`related to the request, instead of relying to an identity that might not make`
			`sense to the verifier;`
add the logic language to the specification 2019-02-26 18:59:59 +03:00			`- flexible rights managements: the token uses a logic language to specify attenuation`
			`and add bounds on ambient data;`
README: Fix typos 2019-01-08 23:44:23 +03:00			`- small enough to fit anywhere (cookies, etc).`
add a README 2019-01-02 16:23:30 +03:00
			`Non goals:`
README: Fix typos 2019-01-08 23:44:23 +03:00			`- This is not a new authentication protocol. Biscuit tokens can be used as`
			`opaque tokens delivered by other systems such as OAuth.`
			`- Revocation: while tokens come with expiration dates, revocation requires`
			`external state management.`
more info in the readme 2019-03-18 19:34:22 +03:00
specifications placeholder 2019-03-19 12:38:21 +03:00			`You can follow the next steps on the [roadmap](https://github.com/CleverCloud/biscuit/issues/12).`
more info in the readme 2019-03-18 19:34:22 +03:00
			`How to help us?`
			`- provide use cases that we can test the token on (some specific kind of caveats, auth delegation, etc)`
			`- cryptographic design audit: we need to decide on a cryptographic scheme that will be strong enough`
specifications placeholder 2019-03-19 12:38:21 +03:00
			`Project organisation:`
			- `DESIGN.md` holds the current ideas about what Biscuit should be
remove old comment 2019-12-19 11:55:16 +03:00			- `SPECIFICATIONS.md` is the in progress description of Biscuit, its format and behaviour
specifications placeholder 2019-03-19 12:38:21 +03:00			- `experimentations/` holds code examples for the crypographic schemes and caveat language. `code/biscuit-poc/` contains an experimental version of Biscuit, built to explore API issues
add a license 2019-10-28 13:33:30 +03:00
			`## License`

			`Licensed under Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)`

			`### Contribution`

			`Unless you explicitly state otherwise, any contribution intentionally`
			`submitted for inclusion in the work by you, as defined in the Apache-2.0`
			`license, shall be licensed as above, without any additional terms or`
			`conditions.`