Biscuit tokens provide decentralized verification through public key cryptography, allowing any application with the public key to verify the token. A unique feature of Biscuit is the ability to generate new tokens with fewer rights, such as restricting write access or adding an expiration date. Authorization policies for Biscuit are written in a logic language, which can be provided by the application or transported by the token itself. Biscuit is well-suited for capabilities-based authorization, but it also allows for verification side access control lists. Tokens can be easily revoked using unique revocation identifiers. Biscuit is implemented in multiple programming languages and comes with predefined test cases for easy implementation.
https://www.biscuitsec.org/