WICG/webpackage

Look into Macaroons for cross-signing

Open

#52 opened on May 10, 2017

View on GitHub
 (1 comment) (0 reactions) (0 assignees)Go (123 forks)github user discovery
help wanted

Repository metrics

Stars
 (1,256 stars)
PR merge metrics
 (PR metrics pending)

Description

https://research.google.com/pubs/pub41892.html describes a way to grant capabilities in a way the receiver can attenuate and pass on. We're thinking of having authorities counter-sign packages in order to say, for example, that FooCorp trusts this package to fetch() from internal systems. Maybe macaroons are a better way to express this.

Contributor guide