logoalt Hacker News

tptacekyesterday at 6:32 PM2 repliesview on HN

It's exactly the tokenizer, but we shoplifted the idea too; it belongs to the world!

(The credential thing I'm actually proud of is non-exfiltratable machine-bound Macaroons).

Remember that the security promises of this scheme depend on tight control over not only what hosts you'll send requests to, but what parts of the requests themselves.

Replies

orfyesterday at 11:00 PM

How does this work with more complex authentication schemes, like AWS?

svieirayesterday at 7:51 PM

Did the machine-bound Macaroons ever get written up publicly or is that proprietary?

show 1 reply