Passdata is authentication and authorization data expressed in a logic
programming language. Data should fit within the limits of a HTTP cookie or
header. The language is limited in order to guarantee execution characteristics
during execution.
Applications and services which accept Passdata are intended to be usable
without the need to contact a centralized service for every operation.
The library is experimental and is not intended for production usage.
There are many alternatives which are considered production ready. It is strongly recommended to look into these alternatives.
- HTTP sessions
- JSON Web Tokens (JWT)
- Pasteo
- Macroons
- Biscuit
Compared to traditional HTTP sessions, Passdata does not require a server side
persistence data store. More computation is done in the application code to
process Passdata, but the tradeoff may be desirable in situations where compute
is cheap but the cost in persisting and retrieving from storage is high.
JSON Web Tokens and Pasteo are primarily used with a limited set of predefined
data fields. Passdata allows arbitrary data.
Passdata is not focused on token attenutation unlike Macaroons and Biscuits.
Passdata is most similar to Biscuits which has its own logic programming
language. However, Passdata has a more limited logic programming language in
order to provide better guarantees on possible resource usage.
Licensed under either of Apache License, Version 2.0 or MIT License at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.