Comment by AceJohnny2
Comment by AceJohnny2 4 days ago
Are Eclipse Biscuits related to Google Macaroons? https://research.google/pubs/macaroons-cookies-with-contextu...
(what a word salad that is...)
Biscuits are in the same family as macaroons in that they are bearer tokens that can be attenuated offline, but they go further. A biscuit carries a chain of signed “blocks” that can contain facts, rules, and checks in a small Datalog-like logic language. That lets the token itself express richer authorization context, not just restrictions.
Key differences from macaroons:
- Crypto model: Macaroons use HMAC, so every verifier needs the shared secret. Biscuits use public/private keypairs so any verifier with the public key can check validity.
- Expressiveness: Macaroons only add caveats (restrictions). Biscuits can encode facts, rules, and checks, enabling more complex policies to travel with the token, so you can attest and attenuate (and do some other tricky stuff if you want).
- Delegation: Both support attenuation, but biscuits do it with signed blocks that are verifiable and can be chained across services.
So conceptually similar, but biscuits aim to be more decentralized and policy-rich.
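The HMAC chaining behind the macaroon side of this comparison, as an added Python example that is not part of the thread or of either project's code: the holder attenuates offline using only the current signature, while verification requires the root secret. The `key = value` caveat format, the function names and the key are constructed for illustration; biscuits replace this chain with public-key signatures over blocks, which is not shown here.

```python
import hashlib
import hmac


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def mint(root_key: bytes, identifier: str) -> dict:
    """Issuer: the initial signature is HMAC(root_key, identifier)."""
    return {"id": identifier, "caveats": [],
            "sig": _mac(root_key, identifier.encode())}


def attenuate(token: dict, caveat: str) -> dict:
    """Holder: append a caveat offline. The old signature becomes the HMAC key,
    so no root secret is needed and the caveat cannot be removed afterwards."""
    return {"id": token["id"],
            "caveats": token["caveats"] + [caveat],
            "sig": _mac(token["sig"], caveat.encode())}


def _caveat_holds(caveat: str, context: dict) -> bool:
    # Constructed caveat format "key = value"; malformed caveats fail closed.
    key, sep, value = caveat.partition(" = ")
    return bool(sep) and context.get(key) == value


def verify(root_key: bytes, token: dict, context: dict) -> bool:
    """Verifier: replay the whole chain from the root secret, then check
    every caveat against the request context."""
    sig = _mac(root_key, token["id"].encode())
    for caveat in token["caveats"]:
        sig = _mac(sig, caveat.encode())
    if not hmac.compare_digest(sig, token["sig"]):
        return False
    return all(_caveat_holds(c, context) for c in token["caveats"])


if __name__ == "__main__":
    ROOT_KEY = b"constructed-root-key"          # sample secret, not a real key
    full = mint(ROOT_KEY, "user=alice")
    read_only = attenuate(full, "op = read")    # done without ROOT_KEY
    print(verify(ROOT_KEY, read_only, {"op": "read"}))    # caveat satisfied
    print(verify(ROOT_KEY, read_only, {"op": "write"}))   # caveat violated
    # Dropping the caveat while keeping the signature breaks the chain.
    stripped = {"id": "user=alice", "caveats": [], "sig": read_only["sig"]}
    print(verify(ROOT_KEY, stripped, {"op": "write"}))
```

Because `verify` and `mint` take the same `root_key`, any service able to check such a token can also issue one, which is the trust boundary the public-key design moves.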