GopherCon 2018 - Engineering Disaster with Macaroons
These are some notes from my experiences at GopherCon 2018. I don’t expect these will be laid out in any particularly useful way; I am mostly taking them so I can remember some of the bits I found most useful in the future.
What are Macaroons?
- Address authorization and authentication
  - authentication: who are you?
  - authorization: what can you do?
- Capability vs. Identity
  - direct grants vs. who are you and what can you do?
  - e.g., keys vs. biometrics
  - keys are somewhat dangerous, but give easier flexibility
  - identity methods lead to confused deputies
- Maybe we can combine Capability w/ Identity?
  - Macaroons are bearer tokens that are limited
- HMAC authenticated tokens
  - Store username and HMAC hash and pass w/ requests for authentication
- Macaroons add layers
  - Auth = hmac(username, key)
  - Perm = hmac(acl, Auth)

        type Macaroon struct {
            loc
            id
            caveats
            ...
            signature
        }

- Need to know all the ways a macaroon might be limited
- Can have both first and third party caveats
  - Need discharge macaroons from 3rd party
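
The layering in the notes above (Auth = hmac(username, key), then each restriction keyed by the previous signature), written out in Go as an added example; it is not code from the talk or from any macaroon library. The `Mint`, `Attenuate` and `Verify` names, the string caveat format and the sample key are assumptions, and third-party caveats and discharge macaroons are left out.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Macaroon is a reduced form of the struct in the notes (first-party caveats only).
type Macaroon struct {
	ID      string
	Caveats []string
	Sig     []byte
}

func mac(key []byte, msg string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return h.Sum(nil)
}

// Mint is the first layer: sig = hmac(id, rootKey). Only the service holds rootKey.
func Mint(rootKey []byte, id string) Macaroon {
	return Macaroon{ID: id, Sig: mac(rootKey, id)}
}

// Attenuate keys the next layer with the previous signature: no root key needed to narrow.
func (m Macaroon) Attenuate(caveat string) Macaroon {
	cs := append(append([]string{}, m.Caveats...), caveat)
	return Macaroon{ID: m.ID, Caveats: cs, Sig: mac(m.Sig, caveat)}
}

// Verify replays the chain from rootKey; a caveat the verifier cannot confirm fails closed.
func Verify(rootKey []byte, m Macaroon, holds func(string) bool) bool {
	sig := mac(rootKey, m.ID)
	ok := true
	for _, c := range m.Caveats {
		sig = mac(sig, c)
		ok = ok && holds(c)
	}
	return hmac.Equal(sig, m.Sig) && ok
}

func main() {
	root := []byte("constructed-root-key") // sample key, constructed for this example
	m := Mint(root, "user=alice").Attenuate("op=read")
	fmt.Println(Verify(root, m, func(c string) bool { return c == "op=read" }))
}
```

Because each signature is the key for the next layer, a holder can add caveats but cannot strip one: dropping a caveat leaves a signature the verifier's replay no longer reproduces.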
The Bad Parts
- Availability dependence on 3rd party services
  - discharge macaroons
- Cumbersome API w/o SDK
- Adding/removing roles didn’t invalidate baked macaroons
- Revocation had a 5 minute delay (discharge macaroons)
- Macaroon vs. Macaron