mirror of
https://github.com/biscuit-auth/biscuit.git
synced 2024-10-26 14:54:35 +03:00
2.4 KiB
2.4 KiB
Biscuit authentication token
logo by Mathias Adam
Biscuit is a (in development) authentication token for microservices architectures with the following properties:
- distributed authorization: any node could validate the token only with public information;
- offline delegation: a new, valid token can be created from another one by attenuating its rights, by its holder, without communicating with anyone;
- capabilities based: authorization in microservices should be tied to rights related to the request, instead of relying to an identity that might not make sense to the verifier;
- flexible rights managements: the token uses a logic language to specify attenuation and add bounds on ambient data;
- small enough to fit anywhere (cookies, etc).
Non goals:
- This is not a new authentication protocol. Biscuit tokens can be used as opaque tokens delivered by other systems such as OAuth.
- Revocation: while tokens come with expiration dates, revocation requires external state management.
You can follow the next steps on the roadmap.
How to help us?
- provide use cases that we can test the token on (some specific kind of caveats, auth delegation, etc)
- cryptographic design audit: we need to decide on a cryptographic scheme that will be strong enough
Project organisation:
DESIGN.md
holds the current ideas about what Biscuit should beSPECIFICATIONS.md
is the in progress description of Biscuit, its format and behaviourexperimentations/
holds code examples for the crypographic schemes and caveat language.code/biscuit-poc/
contains an experimental version of Biscuit, built to explore API issues
License
Licensed under Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be licensed as above, without any additional terms or conditions.