couchdb-commits mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Couchdb Wiki] Update of "Authentication and Authorization" by CurtArnold
Date Wed, 29 Jul 2009 15:17:32 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The following page has been changed by CurtArnold:
http://wiki.apache.org/couchdb/Authentication_and_Authorization

------------------------------------------------------------------------------
  [http://db.apache.org/derby/docs/10.5/ref/rrefproper13766.html Apache Derby derby.authentication.provider]
  
  [http://tools.ietf.org/html/rfc2617 RFC 2617: HTTP Authentication: Basic and Digest Access
Authentication]
+ 
+ [http://db.apache.org/derby/docs/10.4/ref/rrefsqljgrant.html Apache Derby GRANT Syntax]
+ 
+ [http://db.apache.org/derby/docs/10.4/ref/rrefsistabssystableperms.html Apache Derby SYSTABLEPERMS
Table]
+ 
+ [http://db.apache.org/derby/docs/10.4/ref/rrefsistabssyscolperms.html Apache Derby SYSCOLPERMS
Table]
+ 
+ 
  
  
  == Authentication use cases ==
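Review bot: The three added Derby links (GRANT Syntax, SYSTABLEPERMS, SYSCOLPERMS) point at the 10.4 documentation, while the existing derby.authentication.provider reference at the top of this hunk uses 10.5. Unless 10.4 is intended, link all Derby pages from the same documentation version so the reference list stays consistent. The two consecutive added blank lines after the last link can be collapsed to one, and a short sentence saying what the Derby permission references are meant to illustrate would help readers who reach this list without context.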
@@ -83, +91 @@

  The following use-cases describe potential usage scenarios for an authentication system.
  The catalog of use-cases could be helpful to describe the feature set of
  any proposals and to identify any architectural issues.
+ 
+ NO-IDENTITY: The user is not authenticated.  All access is controlled by the rights
+ granted to anonymous users.
+ 
+ FIXED-IDENTITY: The user is specified via configuration.
+ 
+ DECLARED-IDENTITY: The user is specified in the request and not authenticated.
+ 
+ PROXY-AUTH: A reverse proxy authenticates the user and optionally rewrites the
+ request to include the remote user.  The authentication handler would extract
+ the remote user from the rewritten request (similar to DECLARED-IDENTITY).
+ The "Via" header could be used to distinguished proxied requests from
+ local or tunnelled requests which could be granted elevated privileges 
+ (like local or tunnelled would get <<"_admin">> with current authorization system).
+ 
+ IP-IDENTITY: The originating IP address is used to identify the user.
+ Could be useful for replicating nodes.  Local origination could
+ result in elevated privileges.
+ 
+ BASIC-IDENTITY: HTTP Basic Authentication is used to identify
+ the user.
+ 
+ DIGEST-IDENTITY: HTTP Digest Authentication is used to identify
+ the user.
+ 
+ OAUTH-IDENTITY: OAuth is used to identify the user.
+ 
+ LDAP-IDENTITY: LDAP is used to identify the user.
+ 
+ SSL-IDENTITY: An SSL certificate is used to identify the user.
+ 
+ COOKIE-IDENTITY: A cookie is sent that is used for  
+ to provide the identity.
+ 
+ HYBRID-AUTH: An option of different means may be offered
+ to validate the user.
+ 
  
  == Authentication hooks ==
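Review bot: In PROXY-AUTH, the "Via" header is proposed as the signal that separates proxied requests from local or tunnelled ones that would get <<"_admin">>, but Via is an ordinary request header that a client can send or omit, so elevated privileges would hinge on an unauthenticated property of the request. The use case should state that the remote-user field and any header used for this distinction are trusted only when the proxy strips and sets them itself and the server is reachable only through that proxy. The same trust caveat applies to DECLARED-IDENTITY and to the "Local origination could result in elevated privileges" sentence in IP-IDENTITY. Wording: "distinguished" should be "distinguish", the COOKIE-IDENTITY sentence ("A cookie is sent that is used for to provide the identity") is broken, and "An option of different means" in HYBRID-AUTH is unclear; consider wording along the lines of "several of the above mechanisms may be offered".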
  
