couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Couchdb Wiki] Update of "Contributing" by AlanBell
Date Mon, 07 Apr 2008 08:37:50 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The following page has been changed by AlanBell:
http://wiki.apache.org/couchdb/Contributing

------------------------------------------------------------------------------
  
  === Security and Authentication ===
  
- CouchDB currently lacks any security. We want to introduce a super-flexible permission system
with users and groups and read and write permissions that can be enforced on documents and
databases. @@ add more details
+ CouchDB currently lacks any security. We want to introduce a super-flexible permission system
with users and groups and read and write permissions that can be enforced on documents and
databases.
+ The prerequisite to Security is Identity. The proposal is to use LDAP as the directory of
users and groups. Once authenticated the server will know the distinguished name of the current
user. It may have an datastructure representing the full LDAP entry of the current user which
it can pass to JavaScript functions.
+ The JavaScript security function may live in a design document, there might be several security
functions per database, perhaps one for each document type. There could perhaps be security
functions on the data documents?
+ For example the below function allows everyone to read, but only the creator of the document
may update or delete.
+ {{{
+ security(doc,databasesecuritydoc,user,operation){
+   if(operation=="read"){
+      return true;
+   }
+   elseif(doc.creator==user.name){
+      return true;
+   }else{
+     return false;
+   }
+ }}}
+ 
+ @@ add more details
  
  === Database Partitioning ===
  

Mime
View raw message