Author(s): Arnar Birgisson, Joe Gibbs Politz, Ulfar Erlingsson, Ankur Taly, Michael Vrable and Mark Lentczner

Download: Paper (PDF)

Date: 22 Feb 2014

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2014


Macaroons are authorization credentials whose efficiency and ease-of-deployment equal that of Web cookies, thanks to their chained-HMAC construction. Unlike cookies, macaroons support efficient, widely-applicable forms of decentralized delegation, with expressiveness that rivals public-key-based mechanisms like SPKI/SDSI. Thus, macaroons can flexibly confine how, by whom, and in what context, authority can be exercised.