Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud
Venue
Network and Distributed System Security Symposium, Internet Society (2014)
Publication Year
2014
Authors
Arnar Birgisson, Joe Gibbs Politz, Úlfar Erlingsson, Ankur Taly, Michael Vrable, Mark Lentczner
Abstract
Controlled sharing is fundamental to distributed systems; yet, on the Web, and in
the Cloud, sharing is still based on rudimentary mechanisms. More flexible,
decentralized cryptographic authorization credentials have not been adopted,
largely because their mechanisms have not been incrementally deployable, simple
enough, or efficient enough to implement across the relevant systems and devices.
This paper introduces macaroons: flexible authorization credentials for Cloud
services that support decentralized delegation between principals. Macaroons are
based on a construction that uses nested, chained MACs (e.g., HMACs) in a manner
that is highly efficient, easy to deploy, and widely applicable. Although macaroons
are bearer credentials, like Web cookies, macaroons embed caveats that attenuate
and contextually confine when, where, by whom, and for what purpose a target service
should authorize requests. This paper describes macaroons and motivates their
design, compares them to other credential systems, such as cookies and SPKI/SDSI,
evaluates and measures a prototype implementation, and discusses practical security
and application considerations. In particular, it considers how macaroons can
enable more fine-grained authorization in the Cloud, e.g., by strengthening
mechanisms like OAuth2, and gives a formalization of macaroons in authorization
logic.
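As an added illustration (not the paper's code or the authors' implementation), the chained-MAC construction the abstract describes, restricted to first-party caveats: the service mints a macaroon as an HMAC over an identifier under its secret root key, any holder attenuates it by chaining another HMAC over each caveat, and only the root-key holder can verify. The caveat predicate syntax ("k = v", "k < n"), the identifiers and the keys are constructed for this example.

```python
import hashlib
import hmac
from dataclasses import dataclass


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


@dataclass(frozen=True)
class Macaroon:
    location: str      # hint telling the holder which service to present it to
    identifier: str    # lets the service find the root key; carries no secret
    caveats: tuple = ()
    signature: bytes = b""


def mint(root_key: bytes, identifier: str, location: str) -> Macaroon:
    # Root signature: HMAC of the identifier under the service's secret root key.
    return Macaroon(location, identifier, (), _mac(root_key, identifier.encode()))


def add_first_party_caveat(m: Macaroon, caveat: str) -> Macaroon:
    # Chaining: new signature = HMAC(old signature, caveat). Any holder can add a
    # caveat (attenuate), but nobody can strip one later, because the previous
    # signature is consumed by the one-way HMAC and is no longer present.
    return Macaroon(m.location, m.identifier, m.caveats + (caveat,),
                    _mac(m.signature, caveat.encode()))


def _caveat_holds(caveat: str, ctx: dict) -> bool:
    # Tiny predicate language constructed for this example: "k = v" or "k < n".
    if " = " in caveat:
        k, v = caveat.split(" = ", 1)
        return str(ctx.get(k)) == v
    if " < " in caveat:
        k, v = caveat.split(" < ", 1)
        return k in ctx and int(ctx[k]) < int(v)
    return False  # unknown predicate: fail closed


def verify(root_key: bytes, m: Macaroon, ctx: dict) -> bool:
    # Only the root-key holder can do this: replay the HMAC chain from the root
    # key, compare in constant time, then require every caveat to hold for the
    # request context (who is asking, when, from where, ...).
    sig = _mac(root_key, m.identifier.encode())
    for c in m.caveats:
        sig = _mac(sig, c.encode())
    if not hmac.compare_digest(sig, m.signature):
        return False
    return all(_caveat_holds(c, ctx) for c in m.caveats)
```

Because verification only needs the root key and the macaroon's own fields, the service stores nothing per credential, and a delegate who forwards an attenuated macaroon never learns the root key or the pre-attenuation signature.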