Macaroons

Source: DOI Authors: Arnar Birgisson, Joe Gibbs Politz, Úlfar Erlingsson, Ankur Taly, Michael Vrable, Mark Lentczner Date: 2014

Core idea

Macaroons are authorization credentials that can be attenuated with contextual caveats while remaining compact and verifiable.

Harness takeaway

Delegated rights in the studio should be caveated capability tokens: every delegation narrows scope, expiry, budget, or allowed action rather than expanding ambient trust.