<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Feb 10, 2015 at 4:52 AM, ianG <span dir="ltr">&lt;<a href="mailto:iang@iang.org" target="_blank">iang@iang.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">So my current view is that what is needed is a hybrid.  In a limited sense one can see this with expiries:  a cap with a time limit on it is a cap with a "control" on it.</blockquote><div><br></div><div>You should really look at Macaroons:</div><div><br></div><div><a href="http://research.google.com/pubs/pub41892.html">http://research.google.com/pubs/pub41892.html</a></div><div><a href="https://air.mozilla.org/macaroons-cookies-with-contextual-caveats-for-decentralized-authorization-in-the-cloud/">https://air.mozilla.org/macaroons-cookies-with-contextual-caveats-for-decentralized-authorization-in-the-cloud/</a></div></div><div><br></div>-- <br><div class="gmail_signature">Tony Arcieri<br></div>
</div></div>
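The "cap with a time limit" idea from the quoted message, expressed as a macaroon-style chained-HMAC token with a first-party expiry caveat. This is an added example, not part of the original message or code from the Macaroons authors; the dict layout, the function names and the `time < N` caveat syntax are assumptions made for illustration.

```python
import hashlib
import hmac


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def mint(root_key: bytes, identifier: str) -> dict:
    """Issuer: create a bearer token with no caveats (a plain capability)."""
    return {"id": identifier, "caveats": [],
            "sig": mac(root_key, identifier.encode())}


def attenuate(token: dict, caveat: str) -> dict:
    """Any holder: add a restriction. Needs only the current signature,
    not the root key, so delegation works without contacting the issuer."""
    return {"id": token["id"],
            "caveats": token["caveats"] + [caveat],
            "sig": mac(token["sig"], caveat.encode())}


def caveat_holds(caveat: str, now: int) -> bool:
    """Evaluate one first-party caveat against the request context."""
    key, _, value = caveat.partition(" < ")
    if key == "time" and value.isdigit():
        return now < int(value)
    return False  # unknown caveat: fail closed


def verify(root_key: bytes, token: dict, now: int) -> bool:
    """Target service: replay the HMAC chain, then check every caveat."""
    sig = mac(root_key, token["id"].encode())
    for caveat in token["caveats"]:
        sig = mac(sig, caveat.encode())
    if not hmac.compare_digest(sig, token["sig"]):
        return False  # a caveat was removed, edited or reordered
    return all(caveat_holds(c, now) for c in token["caveats"])


if __name__ == "__main__":
    root = b"constructed-root-key"            # constructed sample key
    cap = attenuate(mint(root, "cap-1"), "time < 1000")
    print(verify(root, cap, 999), verify(root, cap, 1000))
```

Because each signature is keyed by the previous one, a holder can add caveats but cannot strip the expiry or relax it without knowing the root key.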