Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[WIP] Biscuit 2.0 specification and samples #77

Merged
merged 23 commits into from
Jan 12, 2022
Merged

[WIP] Biscuit 2.0 specification and samples #77

merged 23 commits into from
Jan 12, 2022

Conversation

Geal
Copy link
Contributor

@Geal Geal commented Sep 3, 2021

See #72

@Geal Geal added this to the Biscuit 2.0 milestone Sep 3, 2021
@Geal
start updating the schema for v2
264dbb0 
- remove v0 compatibility
- convert v1 to v2
- remove the index from blocks (now the cryptographisc design guarantees
the order
@Geal
remove the unique_revocation_id, it is the same as the revocation_id
e5ea1c1
@Geal
implement scoped rules, remove #authority and #ambient
0175a4e 
the scoped execution model ensures that checks and rules only
have access to facts added or generated in the current or previous
blocks. They cannot be affected by facts from later blocks. Verifier
rules, checks and policies are executed in the context of the authority
block

Since this change can prevent check from the authority block and the
verifier from being affected by facts from later block, we can remove
the #authority and #ambient symbols
Geal and others added 17 commits September 6, 2021 12:08
@Geal
display token content in a more structured way
2fa7301
@Geal
display the code provided to the verifier
a0fd497
@Geal
remove the symbol type
a195fb4 
symbols were a kind of strings with less available operations and some
specific optimizations: they store in index into a symbol table carried
by the token, to reduce size by avoiding repetitions.
They were too confusing for users, and now that #authority and #ambient
are gone, we can remove them completely.
The symbol table was useful though, so now the symbol table is used for
all predicate names and strings
@Geal
use the block signature as revocation id
deb45ac 
it is enough to uniquely identify each block
@Geal
remove symbols
6092bd1 
They complicated the Datalog, and the #authority and #ambient symbols
are not needed anymore with the scoped execution
@Geal
use the signature as revocation id
040c204
@Geal
rename ID to Term in the protobuf schema
6c9f12d
@divarvel
samples: add sealed token sample
bc3a34b
@Geal
Merge pull request #80 from divarvel/add-sealed-spec
ab8d2a4 
Add sealed spec
@Geal
sealed token output in README
ecc2cd4
@Geal
the key is now serialized with an enum indicating its algorithm
f38c856 
this will open the way t other urves or algorithms, like P256
@Geal
sign the algorithm enum too in the sealed token signature
1ced350 
it does not change anything security wise, but it makes it more
consistent with the rest
@divarvel
describe the different kinds of biscuits in the glossary
f628f09
@Geal
Merge pull request #81 from divarvel/clarify-vocabulary
a4cddce 
Clarify vocabulary
@Geal
rename verifier to authorizer
16357ce
@Geal
add a testcase for characters used in strings and fact names
a450938
@Geal
add an EBNF grammar for Datalog
cbc7aac
@fbredy
Copy link

fbredy commented Dec 9, 2021

What about this V2 ? is it still "in progress" ?

@Geal
Copy link
Contributor Author

Geal commented Dec 9, 2021

@fbredy it is mostly done. Currently we're working on the web components and the new website, and will publish that along with the 2.0.

I'd like to see the java version done as well. Do you have plans to update the C# version to 2.0?

@Geal
serialize errors to JSON
2d2e03f 
implementations will be able to compare the returned errors
@Geal
show which policy matched even if some checks failed
e8f575e
@fbredy
Copy link

fbredy commented Jan 9, 2022
edited
Loading

@fbredy it is mostly done. Currently we're working on the web components and the new website, and will publish that along with the 2.0.

I'd like to see the java version done as well. Do you have plans to update the C# version to 2.0?

@Geal, i'll update the C# biscuit package, just after the merge of the java version. i've already started.

@Geal
Copy link
Contributor Author

Geal commented Jan 12, 2022

ok, I'm merging this now, there's been enough time to explore it :)

@Geal Geal merged commit 3a200b4 into master Jan 12, 2022
@Geal Geal mentioned this pull request Jan 13, 2022
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Biscuit 2.0
Development

Successfully merging this pull request may close these issues.
4 participants
@Geal @fbredy @clementd-fretlink @divarvel