Biscuit: pubkey signed token with offline attenuation and Datalog authz policies
Loading
0 %
Key | Action |
---|---|
K or space | Play / Pause |
M | Mute / Unmute |
C | Select next subtitles |
A | Select next audio track |
V | Show slide in full page or toggle automatic source change |
left arrow | Seek 5s backward |
right arrow | Seek 5s forward |
shift + left arrow or J | Seek 10s backward |
shift + right arrow or L | Seek 10s forward |
control + left arrow | Seek 60s backward |
control + right arrow | Seek 60s forward |
shift + down arrow | Decrease volume |
shift + up arrow | Increase volume |
shift + comma | Decrease playback rate |
shift + dot or shift + semicolon | Increase playback rate |
end | Seek to end |
beginning | Seek to beginning |
You can right click on slides to open the menu
Share this media
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video stream
Subscribe to notifications
When subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
Links:
Number of views:
27 (this month: 1)Creation date:
July 6, 2021Speakers:
Geoffroy CouprieLicense:
CC BY-SA v4Description
Biscuit is a new kind of authorization token that merges the public key signatures of JWT, with offline attenuation and caveats from macaroons. It comes with a Datalog based language to express policies, that can be provided by the token or the server side.
This feature set unlocks powerful use cases like multitenant systems that need flexible authorization policies, or chains of microservices requests with locked down bearer tokens
This feature set unlocks powerful use cases like multitenant systems that need flexible authorization policies, or chains of microservices requests with locked down bearer tokens
Geoffroy Couprie is R&D and security at Clever Cloud. I mess with Rust, parsers and cryptography
Other media in the channel "2021"
- 46 views, 3 this yearMeet Piotr, a firmware emulation tool for trainers and researchersJuly 7th, 2021
- 25 viewsORAMFS: Achieving Storage-Agnostic PrivacyJuly 7th, 2021
- 11 views, 1 this yearIn Search of Lost Time: A Review of JavaScript Timers in BrowsersJuly 7th, 2021
- 42 views, 4 this yearRevisiting the Art of Encoder-Fu for novel shellcode obfuscation techniquesJuly 7th, 2021
- 15 views, 2 this yearATT&CKing Kubernetes: A technical deep dive into the new ATT&CK for ContainersJuly 7th, 2021
- 26 views, 2 this yearSecurity alerting made easy using PythonJuly 7th, 2021