
There are several access control mechanisms. One such ACL, as mentioned in the post, is identity certificates, which are used to perform access control. Other mechanisms for identity are CATs, which have been talked about in the past: https://rwc.iacr.org/2018/Slides/Lewi.pdf and https://www.youtube.com/watch?v=kY-Bkv3qxMc


CATs at first sight look like Macaroons or JWTs. Thanks for the links!


Yeah, they're similar in that they are all signed blobs of data, but different in the sense that they are specifically designed to send authentication information via several layers of proxies.


I'm actually interested in this subject, so I'll check out your links when I'm able to. At first sight this sounds like wrapping tokens or third-party caveats in Macaroons.


We presented on CATs again at DEF CON 26. It's a 21-minute talk, but if you're interested in how CATs differ from Macaroons, you can skip to the 16:15 mark where Yueting explains: https://cryptovillage.org/cats-a-tale-of-scalable-authentica...


I've seen both videos, nice explanation.

If you don't mind, I wouldn't necessarily agree with the comment about JWT by Yueting. JWT is just a format; querying a backend to get a new token is not necessary (this is only how people often use them). I actually built a small PoC that mints new JWTs on the client side (in the browser), signing them with a non-exportable key (through WebCrypto).

As for Macaroons, I believe they could also be adjusted to resemble CATs as I understood them (with layers for different services). I do have other issues with Macaroons, though (https://news.ycombinator.com/item?id=17878845)...



