RobertButler/Authorization

HMAC Authentication

HMAC Authorization

• ACL-type

• Groupings possible (which inherit groups of ACLs)

  • Groups are users with one level of indirection.

• Permissions based

  • Expensive permissions checks are done once, when asking for permission

  • Permissions only requested when needed for the session

    • Saves processing time for simple one-time actions
  • Once permission is granted, token is 'upgraded' to include the requested permission
  • Frequent permissions checks check only the token, not the ACL table.