Macaroons Authorization: Caveats, Delegation, and Least-Privilege Tokens - Trex Team

By: Trex Team

eBook | 30 March 2026


"Macaroons Authorization: Caveats, Delegation, and Least-Privilege Tokens"

Distributed systems keep getting better at moving data—and worse at containing authority. This book is for experienced engineers and security-minded architects who need to design authorization that survives microservices, third-party integrations, and automation without turning every request into an online policy lookup. Macaroons offer a capability-centric alternative: credentials that can be safely attenuated as they propagate, enabling delegation with tight, inspectable constraints.

You'll learn the mental model shift from identity to capabilities, then dive into macaroons' structure and HMAC-based integrity to understand exactly what guarantees they provide—and what they don't. The book walks through building fail-closed verification engines, treating caveat satisfiers as a hard security boundary, and engineering first-party caveats that encode least privilege (resource/action scoping, time/audience/session constraints, canonicalization and versioning). It then tackles real delegation: multi-hop attenuation chains, proxy/confused-deputy defenses, and third-party caveats with discharge macaroons and binding to prevent replay and cross-context reuse.

Operational reality is addressed head-on: root key scoping and storage, rotation without downtime, expiry and revocation strategies, safe transport and storage, and decision-grade observability. Finally, a decision framework compares macaroons with JWTs, OAuth, and ACLs, including hybrid migrations and a catalog of anti-patterns. Readers should be c
