Friday, December 19, 2014

Macaroons authorization credentials, better than cookies

This was the year I first heard the term "macaroon" used in the context of the web, authorization frameworks and other crypto stuff. I had absolutely no idea what it was, but "the web" said it was good, so I got curious and did some studying. It turned out to be a technique for creating authorization tokens with some very interesting properties:
  • Proof carrying: a macaroon carries its own proof of authorization, cryptographically secured.
  • Delegation: a macaroon can be given to another user who can then act on your behalf.
  • Attenuation: any user can further restrict (attenuate) the authorization before sharing the macaroon with others.
  • Distributed authorization: any user can require authorization by other services before using a macaroon.

Here is a small scenario illustrating the above features:
  1. Alice wants to share a set of images on a photo sharing website. Let's call it "Phlocker" for now.
  2. Alice asks Phlocker to create a macaroon which enables access to exactly those images.
  3. Alice sends the macaroon to Bob.
  4. Bob receives the macaroon, most likely as part of a URL to Phlocker, and he uses it to access the images.
  5. Bob decides to share exactly one of the images with Cecilia. So Bob creates a new macaroon from the original macaroon without involving Phlocker at all. This new macaroon "attenuates" the original macaroon and restricts it to the single image.
  6. Bob does not want Cecilia to share the image with others, so he attenuates the macaroon even further by adding the requirement that only Cecilia, as identified by her Twitter account, should be allowed to use the macaroon.
  7. Bob sends the macaroon to Cecilia.
  8. Cecilia receives the macaroon and sees the requirement of being logged into Twitter as Cecilia.
  9. Cecilia interacts with Twitter to prove her identity and Twitter issues a discharge macaroon to Cecilia. This is all done without Twitter knowing why Cecilia needs the authorization.
  10. Cecilia prepares the discharge macaroon for use at Phlocker and sends it together with the original macaroon she received from Bob.
  11. Phlocker checks Cecilia's macaroon from Bob, recognizes the Twitter identity requirement and verifies it with the discharge macaroon.
  12. Cecilia gets to see the single image without being able to see the other images that Alice originally authorized Bob to access.
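To make the first-party side of this flow concrete, here is a small added example (my own code, not Phlocker's and not the paper's reference implementation) modelling steps 2 to 6 and 11 to 12 with the HMAC chain the paper describes: Phlocker mints with a secret root key, each caveat replaces the signature with HMAC(old signature, caveat), and verification recomputes the chain from the root key. The caveat language, the key and the identifiers are constructed for the example; the third-party Twitter caveat and its discharge macaroon are not modelled.

```python
import hmac
import hashlib

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def mint(root_key: bytes, identifier: bytes) -> dict:
    """Phlocker mints a macaroon: sig = HMAC(root_key, identifier).
    Only Phlocker knows root_key, so only Phlocker can mint (step 2)."""
    return {"id": identifier, "caveats": [], "sig": _mac(root_key, identifier)}

def attenuate(m: dict, caveat: bytes) -> dict:
    """Any holder adds a caveat without contacting Phlocker (steps 5-6).
    The new sig is HMAC(old_sig, caveat) and the old sig is discarded, so
    the holder cannot later strip the caveat again."""
    return {"id": m["id"], "caveats": m["caveats"] + [caveat],
            "sig": _mac(m["sig"], caveat)}

def caveat_holds(caveat: bytes, request: dict) -> bool:
    """Constructed caveat language: 'image in a,b' or 'user = name'."""
    text = caveat.decode()
    if text.startswith("image in "):
        return request.get("image") in text[len("image in "):].split(",")
    if text.startswith("user = "):
        return request.get("user") == text[len("user = "):]
    return False  # unknown caveat: fail closed

def verify(root_key: bytes, m: dict, request: dict) -> bool:
    """Phlocker recomputes the chain from its root key (step 11): valid only
    if every caveat holds for this request and the final sig matches."""
    sig = _mac(root_key, m["id"])
    for caveat in m["caveats"]:
        if not caveat_holds(caveat, request):
            return False
        sig = _mac(sig, caveat)
    return hmac.compare_digest(sig, m["sig"])

def scenario() -> dict:
    """Walk through the blog's scenario with constructed keys and names."""
    root_key = b"phlocker-root-key (constructed)"
    bob = attenuate(mint(root_key, b"share-42"), b"image in a,b,c")   # Alice -> Bob
    cecilia = attenuate(attenuate(bob, b"image in b"), b"user = cecilia")
    # Someone drops Bob's caveats but keeps Cecilia's sig: the chain no longer matches.
    forged = dict(cecilia, caveats=cecilia["caveats"][:1])
    return {
        "bob_sees_a": verify(root_key, bob, {"image": "a", "user": "bob"}),
        "cecilia_sees_b": verify(root_key, cecilia, {"image": "b", "user": "cecilia"}),
        "cecilia_sees_a": verify(root_key, cecilia, {"image": "a", "user": "cecilia"}),
        "forged_sees_a": verify(root_key, forged, {"image": "a", "user": "cecilia"}),
    }
```

Only the first result and `cecilia_sees_b` come out true: Cecilia's attenuated macaroon unlocks image b alone, and stripping the caveat leaves a signature Phlocker can no longer reproduce.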

The technology for this flow is not yet perfect as there are some interoperability problems regarding how to encode third party requirements like "being authorized as Cecilia @ Twitter". But the underlying crypto stuff is solid and published in the paper "Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud" by Arnar Birgisson, Joe Gibbs Politz, Úlfar Erlingsson, Ankur Taly, Michael Vrable and Mark Lentczner.

Personally I think this little piece of technology has great potential for building distributed systems.
