A project using Macaroons


Alan Karp

Feb 1, 2024, 7:47:31 PM2/1/24
to <friam@googlegroups.com>, cap-...@googlegroups.com

Baldur Jóhannsson

Feb 4, 2024, 3:40:38 PM2/4/24
to fr...@googlegroups.com, cap-...@googlegroups.com
Hmm... they stumbled on the same issue why most programmers won't use macaroons:

There was no specification on the caveats other than the only before
and only after kinds.
("time < 2024-02-04T04:20" and "time > 2024-02-02T13:35" as respective examples)

They call them untypeable utf-8 blobs and link to a podcast that
talks about these kinds of tokens where there is a rather hand-wavy
admonishment why that is bad. (Then the podcast goes off into the weeds of
trying to shoehorn userId crap into macaroons. Sure you can use
third party caveats to enforce it but why would you? One kind of first
party caveat I coded up, that is always true, is a comment/blame
caveat that just gets logged with the request. That is that caveat's
whole function.)

So the fly.io folks went off and made their own format that wasn't
written up in the original paper.
But I am definitely going to look at their caveat system and see if
they got something I want to copy.

(btw I am hacking together macaroon caveat enforcing functions for
use with val.town.
Got four kinds of caveats so far. The aforementioned only before and
after ones, the comment one, and one that is paramExp which specifies
a boolean conditional expression. Basically anything you can put into
the conditional of an if statement in js minus function calls and
blatant side effects. Ping me if you want to know more.)

On Fri, 2 Feb 2024 at 00:47, Alan Karp <alan...@gmail.com> wrote:
>
> https://fly.io/blog/macaroons-escalated-quickly/
>
> --------------
> Alan Karp
>
> --

Tony Arcieri

Feb 6, 2024, 11:38:53 AM2/6/24
to cap-...@googlegroups.com, fr...@googlegroups.com
On Sun, Feb 4, 2024 at 1:40 PM Baldur Jóhannsson <zaru...@gmail.com> wrote:
> Hmm... they stumbled on the same issue why most programmers won't use macaroons:
>
> There was no specification on the caveats other than the only before
> and only after kinds.
> ("time < 2024-02-04T04:20" and "time > 2024-02-02T13:35" as respective examples)

This is one of the nice things about Biscuits (https://www.biscuitsec.org/). It embeds a Datalog-like language for evaluating its notion of caveats and making authorization decisions.

For Macaroons specifically, I've found Protobufs work well for describing caveats. You can use a `oneof`-style enumeration to define the possibilities.

--
Tony Arcieri