Delegated authorization models can be used in conjunction with server-side or end-to-end encryption configurations. This approach provides significant protection against credential-based attacks because no subsequent change to account or bucket configurations can alter the authorization or access of a credential once created. Moreover, credentials are cryptographically verifiable, making it impossible to tamper with or alter the authorization restrictions encoded in the credentials.
Pain Points:
We don't have good documentation on how to achieve macaroon-based enforced immutability.
Intended Outcome:
Technical documentation is created that explains how users can leverage this functionality.
Macaroon based Enforced Immutability
Summary:
Delegated authorization models can be used in conjunction with server-side or end-to-end encryption configurations. This approach provides significant protection against credential-based attacks because no subsequent change to account or bucket configurations can alter the authorization or access of a credential once created. Moreover, credentials are cryptographically verifiable, making it impossible to tamper with or alter the authorization restrictions encoded in the credentials.
Pain Points:
Intended Outcome: