From: Apache Wiki
To: couchdb-commits@incubator.apache.org
Date: Mon, 07 Apr 2008 10:00:43 -0000
Message-ID: <20080407100043.20936.96673@eos.apache.org>
Subject: [Couchdb Wiki] Update of "Contributing" by ChristopherLenz

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The following page has been changed by ChristopherLenz: http://wiki.apache.org/couchdb/Contributing The comment on the change is: Pointers to information on security/validation ------------------------------------------------------------------------------ === Security and Authentication === - CouchDB currently lacks any security. We want to introduce a super-flexible permission system with users and groups and read and write permissions that can be enforced on documents and databases. + CouchDB currently lacks any security. We want to introduce a super-flexible permission system with users and groups and read and write permissions that can be enforced on documents and databases. Please see the [http://incubator.apache.org/couchdb/docs/overview.html technical overview] and this [http://groups.google.com/group/couchdb/msg/ca577d22b8aeb7cc post on the old mailing list] for some info on what is planned. + The prerequisite to Security is Identity. The proposal is to use LDAP as the directory of users and groups. Once authenticated the server will know the distinguished name of the current user. It may have an datastructure representing the full LDAP entry of the current user which it can pass to JavaScript functions. + The JavaScript security function may live in a design document, there might be several security functions per database, perhaps one for each document type. There could perhaps be security functions on the data documents? + For example the below function allows everyone to read, but only the creator of the document may update or delete. {{{ security(doc,databasesecuritydoc,user,operation){ @@ -51, +54 @@ return false; } }}} - - @@ add more details === Database Partitioning ===
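
Review bot: In the added paragraph on where the security function lives, the open question "There could perhaps be security functions on the data documents?" needs an answer before this reads as a design. A function stored on the document it guards can be rewritten by anyone allowed to update that document, so it would be safer to say the functions live only in design documents and to state who may change those. The same paragraph allows several functions per database without saying which one decides or what happens when none matches a document type; the trailing "return false;" in the example suggests deny by default, and the text should say so. In the identity paragraph, passing "the full LDAP entry" to JavaScript can hand attributes such as userPassword to every security function, so consider passing only the distinguished name and group memberships. In the same paragraph, "an datastructure" should read "a data structure".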