The presence of an external signature changes the semantics of the serialized
payload (specifically how symbol ids are resolved), so it needs to be part of
the signature.
- externalSignature allows attaching an optional signature (from a non-ephemeral private key)
to biscuit blocks
- scope lets blocks and rules specify which facts can be loaded (either through keywords
for selecting groups of blocks, or through public keys for blocks signed by a specific
key)
- publicKeys provides a way to intern public keys in a way similar to symbols. Only public
keys referenced in datalog elements can be interned
- ThirdPartyBlockRequest / ThirdPartyBlockContents provide a way to add a signed 3rd party block
to a given biscuit token without disclosing the token itself. For that, the request needs to
provide:
  - the public key of the last block (needed to pin the signature to a specific biscuit token)
  - the list of already interned public keys (needed to properly generate the datalog ast).
    Contrary to public keys, interned symbols are not shared with 3rd party blocks to prevent
    information leaks.

  The response provides the serialized block, as well as the associated signature.
* add read, write and time to the default symbol table
remove authority and ambient from the symbol table, as they are not used
anymore
* restrict the execution scope to the authority and current block
previously when evaluating a block, we used facts from the authorizer
and all previous blocks. This changes the execution scope to use only
the authority block, authorizer and the current block, which is a much
safer default and aligns more with expectations.
Execution using all previous blocks will be accessible again in the
future through an option
this removes unused symbols from the default table and adds more symbols to the list.
to allow for further growth of the default symbol table, we reserve
indexes from 0 to 1023. Any custom symbol defined in tokens or
authorizers must start from 1024
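
The execution-scope change described above, shown as an added example that is not code from the biscuit project or from this commit. It models facts tagged with their origin and compares which facts a check in block 2 can see under the previous scope and under the new default. The `Fact` type, the function names, the simplified exact-match check and the sample facts are all assumptions made for illustration.

```python
from dataclasses import dataclass

AUTHORIZER = "authorizer"  # origin tag for facts supplied by the authorizer
AUTHORITY = 0              # index of the authority block

@dataclass(frozen=True)
class Fact:
    origin: object         # block index (int) or AUTHORIZER
    name: str
    terms: tuple

def trusted_origins(block_index, all_previous=False):
    """Origins whose facts are visible while evaluating block `block_index`."""
    if all_previous:
        # previous behaviour: authorizer plus all previous blocks
        return {AUTHORIZER, *range(block_index + 1)}
    # new default: authority block, authorizer and the current block only
    return {AUTHORIZER, AUTHORITY, block_index}

def visible_facts(facts, block_index, all_previous=False):
    allowed = trusted_origins(block_index, all_previous)
    return [f for f in facts if f.origin in allowed]

def check_passes(facts, block_index, name, terms, all_previous=False):
    """Simplified check: passes if one visible fact matches exactly (no rules)."""
    return any(f.name == name and f.terms == terms
               for f in visible_facts(facts, block_index, all_previous))

# Constructed sample: facts from three blocks and the authorizer.
FACTS = [
    Fact(AUTHORITY, "user", ("alice",)),
    Fact(1, "right", ("file1", "write")),
    Fact(2, "resource", ("file1",)),
    Fact(AUTHORIZER, "operation", ("read",)),
]

def compare_scopes(block_index=2):
    """Evaluate the same four checks in block `block_index` under both scopes."""
    queries = [("user", ("alice",)), ("right", ("file1", "write")),
               ("resource", ("file1",)), ("operation", ("read",))]
    return {mode: [check_passes(FACTS, block_index, n, t, all_previous=mode)
                   for n, t in queries]
            for mode in (True, False)}

if __name__ == "__main__":
    for mode, result in compare_scopes().items():
        print("all previous blocks" if mode else "new default", result)
```

Under the new default, the fact defined in block 1 no longer satisfies a check evaluated in block 2, while facts from the authority block, the authorizer and block 2 itself still do.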