@gcouprie ("Geoffroy Couprie") replied to a tweet by @gcouprie:
That's where biscuit comes in: you can take an existing token, and add more authorization rules that will be executed in the service, without increasing rights (the service's rules still apply). Hence the decentralized authz: the user can bring their own rules.
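
The attenuation behaviour described in the tweet, as an added example that is not part of the original tweet and not Biscuit's own code: a simplified Python model with no cryptography, where plain predicates stand in for the Datalog checks a real token carries. The names `Token`, `service_policy`, `authorize` and all sample paths are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Tuple

Request = Dict[str, str]            # constructed shape: {"resource": ..., "operation": ...}
Check = Callable[[Request], bool]   # stands in for a Datalog check in a real token

@dataclass(frozen=True)
class Token:
    rights: FrozenSet[Tuple[str, str]]   # authority block, written by the issuer only
    checks: Tuple[Check, ...] = ()       # blocks appended later by any holder

    def attenuate(self, check: Check) -> "Token":
        # A holder can only append a check; the authority block is copied unchanged.
        return Token(self.rights, self.checks + (check,))

def service_policy(req: Request) -> bool:
    # Hypothetical service-side rule: nothing under /archive/ may be written.
    return not (req["operation"] == "write" and req["resource"].startswith("/archive/"))

def authorize(token: Token, req: Request) -> bool:
    # All three must hold: issuer-granted right, service rule, every appended check.
    granted = (req["resource"], req["operation"]) in token.rights
    return granted and service_policy(req) and all(c(req) for c in token.checks)

# Constructed sample data.
ISSUED = Token(frozenset({("/docs/a", "read"), ("/docs/a", "write"), ("/archive/x", "write")}))
READ_ONLY = ISSUED.attenuate(lambda r: r["operation"] == "read")
# A check that always passes adds no right: it is only ANDed with the rest.
PERMISSIVE = ISSUED.attenuate(lambda r: True)

REQUESTS = [
    {"resource": "/docs/a", "operation": "read"},
    {"resource": "/docs/a", "operation": "write"},
    {"resource": "/archive/x", "operation": "write"},
    {"resource": "/docs/b", "operation": "read"},
]

def decisions(token: Token):
    # One allow/deny decision per constructed request, in REQUESTS order.
    return [authorize(token, r) for r in REQUESTS]

if __name__ == "__main__":
    for name, tok in [("issued", ISSUED), ("read-only", READ_ONLY), ("permissive", PERMISSIVE)]:
        print(name, decisions(tok))
```

Because every appended check is combined with AND, the set of requests an attenuated token allows is always a subset of what the token it was derived from allows.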