Biscuit: pubkey signed token with offline attenuation and Datalog authz policies
| Action | Key |
|---|---|
| Play / Pause | K or space |
| Mute / Unmute | M |
| Toggle fullscreen mode | F |
| Select next subtitles | C |
| Select next audio track | A |
| Toggle automatic slides maximization | V |
| Seek 5s backward | left arrow |
| Seek 5s forward | right arrow |
| Seek 10s backward | shift + left arrow or J |
| Seek 10s forward | shift + right arrow or L |
| Seek 60s backward | control + left arrow |
| Seek 60s forward | control + right arrow |
| Seek 1 frame backward | alt + left arrow |
| Seek 1 frame forward | alt + right arrow |
| Decrease volume | shift + down arrow |
| Increase volume | shift + up arrow |
| Decrease playback rate | < |
| Increase playback rate | > |
| Seek to end | end |
| Seek to beginning | beginning |
You can right click on slides to open the menu
Share this media
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video stream
Subscribe to notifications
When subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
32 views
Biscuit is a new kind of authorization token that merges the public key signatures of JWT, with offline attenuation and caveats from macaroons. It comes with a Datalog based language to express policies, that can be provided by the token or the server side.
This feature set unlocks powerful use cases like multitenant systems that need flexible authorization policies, or chains of microservices requests with locked down bearer tokens
This feature set unlocks powerful use cases like multitenant systems that need flexible authorization policies, or chains of microservices requests with locked down bearer tokens
Geoffroy Couprie is R&D and security at Clever Cloud. I mess with Rust, parsers and cryptography
Creation date:
July 6, 2021
Speakers:
Geoffroy Couprie
License:
CC BY-SA v4
Links:
Other media in the channel "2021"
48 views, 1 this yearMeet Piotr, a firmware emulation tool for trainers and researchersJuly 7th, 2021
25 viewsORAMFS: Achieving Storage-Agnostic PrivacyJuly 7th, 2021
13 views, 2 this yearIn Search of Lost Time: A Review of JavaScript Timers in BrowsersJuly 7th, 2021
42 viewsRevisiting the Art of Encoder-Fu for novel shellcode obfuscation techniquesJuly 7th, 2021
17 views, 1 this yearATT&CKing Kubernetes: A technical deep dive into the new ATT&CK for ContainersJuly 7th, 2021
26 viewsSecurity alerting made easy using PythonJuly 7th, 2021