GopherCon 2018 - Engineering Disaster with Macaroons

These are some notes from my experiences at GopherCon 2018. I don’t expect these will be laid out in any particularly useful way; I am mostly taking them so I can remember some of the bits I found most useful in the future.

What are Macaroons?

  • Address authorization and authentication

    • authentication: who are you?
    • authorization: what can you do?
  • Capability vs. Identity

    • direct grants vs. who are you and what can you do?
    • e.g., keys vs. biometrics
    • keys are somewhat dangerous, but give easier flexibility
    • identity methods lead to confused deputies
  • Maybe we can combine Capability w/ Identity?

    • Macaroons are bearer tokens that are limited
  • HMAC authenticated tokens

    • Store username and HMAC hash and pass w/ requests for authentication
  • Macaroons add layers

    • Auth = hmac(username, key)
    • Perm = hmac(acl, Auth)
    type Macaroon struct {
  • Need to know all the ways a macaroon might be limited

  • Can have both first and third party caveats

    • Need discharge macaroons from 3rd party
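
The layering noted above (Auth = hmac(username, key), Perm = hmac(acl, Auth)), as an added Go example that is not code from the talk or from these notes. The struct layout, the names Mint, Attenuate and Verify, the caveat string and the key are assumptions made for illustration; third-party caveats and discharge macaroons are not covered.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Macaroon is a hypothetical minimal layout for this example (not the talk's struct).
type Macaroon struct {
	ID      string
	Caveats []string
	Sig     []byte
}

func mac(key []byte, msg string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return h.Sum(nil)
}

// Mint computes Auth = hmac(username, key) using the service's root key.
func Mint(rootKey []byte, username string) Macaroon {
	return Macaroon{ID: username, Sig: mac(rootKey, username)}
}

// Attenuate adds a caveat: Perm = hmac(acl, Auth). The previous signature is
// the HMAC key, so any holder can narrow a token without the root key.
func (m Macaroon) Attenuate(caveat string) Macaroon {
	cs := append(append([]string{}, m.Caveats...), caveat)
	return Macaroon{ID: m.ID, Caveats: cs, Sig: mac(m.Sig, caveat)}
}

// Verify replays the chain from the root key; caveat evaluation is a separate step.
func Verify(rootKey []byte, m Macaroon) bool {
	sig := mac(rootKey, m.ID)
	for _, c := range m.Caveats {
		sig = mac(sig, c)
	}
	return hmac.Equal(sig, m.Sig)
}

func main() {
	key := []byte("constructed-root-key") // sample value, constructed
	ro := Mint(key, "alice").Attenuate("acl = read-only")
	fmt.Println(Verify(key, ro))
	ro.Caveats = nil // try to strip the restriction while keeping the signature
	fmt.Println(Verify(key, ro))
}
```

Because each signature is keyed by the previous one, a holder can add caveats but cannot remove or rewrite one without the verifier's replayed chain failing to match.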

The Bad Parts

  • Availability dependence on 3rd party services

    • discharge macaroons
  • Cumbersome API w/o SDK

  • Adding/removing roles didn’t invalidate baked macaroons

  • Revocation had a 5 minute delay (discharge macaroons)

  • Macaroon vs. Macaron