biscuit-auth/biscuit
1
1
Fork 0
mirror of https://github.com/biscuit-auth/biscuit.git synced 2024-10-06 02:27:33 +03:00
Code Issues Packages Projects Releases Wiki Activity
delegated, decentralized, capabilities based authorization token
23 Commits 32 Branches 0 Tags 1.1 MiB
Rust 96.5%
C++ 3.5%
9a7aeec6ea
Go to file
Geoffroy Couprie 9a7aeec6ea move the pairing crate and mcl lib experiments in code/pairing
2019-01-31 15:34:36 +01:00
assets add a logo 2019-01-07 12:19:08 +01:00
code/pairing move the pairing crate and mcl lib experiments in code/pairing 2019-01-31 15:34:36 +01:00
DESIGN.md Merge pull request #6 from CleverCloud/proposal/caveat-structure 2019-01-18 17:17:59 +01:00
README.md Add Gitter badge 2019-01-18 15:52:11 +00:00

README.md

Biscuit authentication token

Join the chat at https://gitter.im/CleverCloud/biscuit

logo by Mathias Adam

Biscuit is a (in development) authentication token for microservices architectures with the following properties:

  • distributed authorization: any node could validate the token only with public information;
  • offline delegation: a new, valid token can be created from another one by attenuating its rights, by its holder, without communicating with anyone;
  • capabilities based: authorization in microservices should be tied to rights related to the request, instead of relying to an identity that might not make sense to the verifier;
  • flexible rights managements: the token specifies a pattern based right specification and attenuation syntax that can map to other rights management systems;
  • small enough to fit anywhere (cookies, etc).

Non goals:

  • This is not a new authentication protocol. Biscuit tokens can be used as opaque tokens delivered by other systems such as OAuth.
  • Revocation: while tokens come with expiration dates, revocation requires external state management.