Authorization in Software features chats with industry subject matter experts in Authorization. Some of the covered topics are: how authorization is implemented at specific companies (e.g.: Airbnb, Slack, Github), how industry standards relate to authorization, and the history of authorization in software.
Damian Schenkelman hosts Authorization in Software. Damian is the creator of the OpenFGA project and a Principal Architect on the Auth0 Lab team, where he does research and development of forward looking products. Before Auth0, Damian spent many years working for and at Microsoft on Azure, and patterns & practices related initiatives. He loves spending his spare time with family, friends and catching up on all things NBA.
Authorization in Software features chats with industry subject matter experts in Authorization. Some of the covered topics are: how authorization is implemented at specific companies (e.g.: Airbnb, Slack, Github), how industry standards relate to authorization, and the history of authorization in software.
Damian Schenkelman hosts Authorization in Software. Damian is the creator of the OpenFGA project and a Principal Architect on the Auth0 Lab team, where he does research and development of forward looking products. Before Auth0, Damian spent many years working for and at Microsoft on Azure, and patterns & practices related initiatives. He loves spending his spare time with family, friends and catching up on all things NBA.
In this episode, host Damian Schenkelman and cybersecurity expert Neil Madden deep dive into the world of macaroons for authorization. Neil starts by distinguishing between JSON Web Tokens (JWT) and macaroons, and shares the origins and unique properties of the latter. They discuss how these Google-invented tokens can enhance security by enabling the addition of conditions, or "caveats", to the token even after it's been issued. The discussion also includes the difference between first-party and third-party caveats, key considerations for implementing macaroons, and how they can be integrated into existing systems like OAuth.
