Design secrets

[joeduffy]

The secrets system needs to be designed. In particular, we want secrets to be opaque cookies that can flow throughout the system without concern for their safety. At the time they are wielded and redeemed for the concrete secret value -- as close to their use as possible -- this opaque cookie is turned into an authority, perhaps through some combination with an authorized identity.

[ericrudder]

not hugely important, however, i like using the term "memento" ... you might hate it -- that's fine. i like it because it doesn't over-promise (in the security sense, etc.) .. and in the JS case, attackers won't search for it. it's *not* an exact fit, however, i saw it in a patterns book once (not this one: https://sourcemaking.com/design_patterns/memento, but somewhere) ... and i've always kind of wanted to use it for an opaque reference. in any case, choose whatever name you want, however, my vote is to avoid "secret" or "secure" in the name.

…

On Sun, Jan 8, 2017 at 5:48 AM, Joe Duffy ***@***.***> wrote: The secrets system needs to be designed. In particular, we want secrets to be opaque cookies that can flow throughout the system without concern for their safety. At the time they are wielded and redeemed for the concrete secret value -- as close to their use as possible -- this opaque cookie is turned into an authority, perhaps through some combination with an authorized identity. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#35>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AH_5wgvQ6uKmkRIffxfePape2fxzVPLrks5rQOlCgaJpZM4LdsZ-> .

[joeduffy]

This is done except that it now needs to be reviewed and a few loose ends like #397 implemented. But the bulk of the design work is now done, and so closing this out.