passdata 0.0.2

Authentication and authorization data in a logic programming language.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52

# Passdata

`Passdata` is authentication and authorization data expressed in a logic
programming language. Data should fit within the limits of a HTTP cookie or
header. The language is limited in order to guarantee execution characteristics
during execution.

Applications and services which accept `Passdata` are intended to be usable
without the need to contact a centralized service for every operation.

The library is experimental and is not intended for production usage.

## Alternatives

There are many alternatives which are considered production ready. It is
strongly recommended to look into these alternatives.

* HTTP sessions
* [JSON Web Tokens (JWT)](https://datatracker.ietf.org/doc/html/rfc7519)
* [Pasteo](https://paseto.io)
* [Macroons](https://www.ndss-symposium.org/ndss2014/programme/macaroons-cookies-contextual-caveats-decentralized-authorization-cloud/)
* [Biscuit](https://www.biscuitsec.org)

### Differences from Alternatives

Compared to traditional HTTP sessions, `Passdata` does not require a server side
persistence data store. More computation is done in the application code to
process `Passdata`, but the tradeoff may be desirable in situations where compute
is cheap but the cost in persisting and retrieving from storage is high.

JSON Web Tokens and Pasteo are primarily used with a limited set of predefined
data fields. `Passdata` allows arbitrary data.

`Passdata` is not focused on token attenutation unlike Macaroons and Biscuits.

`Passdata` is most similar to Biscuits which has its own logic programming
language. However, `Passdata` has a more limited logic programming language in
order to provide better guarantees on possible resource usage.

## License

Licensed under either of [Apache License, Version 2.0][LICENSE_APACHE] or [MIT
License][LICENSE_MIT] at your option.

### Contributions

Unless you explicitly state otherwise, any contribution intentionally submitted
for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
dual licensed as above, without any additional terms or conditions.

[LICENSE_APACHE]: LICENSE-APACHE
[LICENSE_MIT]: LICENSE-MIT