A Valet Key is a special key that some cars have which has limited functionality i.e. it only opens the driver’s side door and starts the engine, and does not open the glove box.
In the cloud, an application can issue an equivalent key, limited in scope and time, in the response to a request. The client then uses this key to access some other resource directly.
- Issuing a key directly to the client means the request can return sooner, freeing up resources to handle other requests. This is especially beneficial when the operation is heavy or long running and would tie up considerable resources e.g. media transfer. Storage and data transfer are generally cheaper than computation.
- Keys can be issued with a convenient expiry time, allowing short bursts of communication to proceed with only the one initial server request.
- Although the keys can have fine grained scope to follow the Principle of Least Privilege, any compromise does nonetheless give an attacker full access to the resource within the scope and time limit.
- The potential attack surface is larger as it includes the resource itself, in addition to the issuing server and the key itself.
- Direct oversight of the resource is often lost. For example, it might not be possible to limit the size of an uploaded file, or gather download statistics.
Azure example implementation
- The upload file request hits the ASP.NET server, which does the lightweight setup of enabling CORS from the client browser, and retrieving a token from the blob storage.
- The browser can then upload the file directly to the blob.