Macaroons, like cookies, are a form of bearer credential. Unlike opaque tokens,
macaroons embed caveats that define specific authorization requirements for the
target service, the service that issued the root macaroon and which is capable
of verifying the integrity of macaroons it recieves.
Macaroons allow for delegation and attenuation of authorization. They are
simple and fast to verify, and decouple authorization policy from the
enforcement of that policy.
dependency for upcoming synapse/matrix server port.
ok solene@
107427bd92