From: Apache Wiki
To: Apache Wiki
Date: Mon, 22 Nov 2010 14:41:12 -0000
Message-ID: <20101122144112.38281.19272@eosnew.apache.org>
Reply-To: dev@couchdb.apache.org
Subject: [Couchdb Wiki] Update of "PerDocumentAuthorization" by BramNeijt

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change
notification.

The "PerDocumentAuthorization" page has been changed by BramNeijt.
http://wiki.apache.org/couchdb/PerDocumentAuthorization?action=diff&rev1=3&rev2=4

--------------------------------------------------
The user is authenticated using any kind of authentication method (HTTP b= asic auth, or otherwise) and is considered to be identified by a single ide= ntifying string. Under the term "specific access", this document considers = three types: being able to verify existence, being able to read the documen= t, and being able to update the document (deleting the document is consider= ed an update of the document) = =3D Possible solutions =3D + =3D=3D Database per user =3D=3D + Create one database for each user and use authentication on the database = for that given user. Because views do not work across databases, you will h= ave to replicate all needed data between the different user databases to al= low for a view to contain both private and public/other users' data. + = + Access protection this solution implements: + * Update: completely, the database can be protected against other users = writing into it. + * Verify existence: it is still possible to verify existence of a docume= nt because other users are given either complete read possibilities or no r= ead abilities. + * Read: It is possible to deny all other users access to the database + = + = + Limitations: + * Scalability: to support both readable and non-readable documents, you = will have to replicate data from on user database to another users' databas= e. + * Volume: replicating data per user will probably create way to much dat= a. + * Views could still work if readable documents are copied between the di= fferent user databases. + = =3D=3D Smart proxy =3D=3D Create a smart proxy that wraps all documents with the user credentials a= nd filters all results. Access protection this solution implements:
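
Review bot: The "Verify existence" bullet in the added "Database per user" section gives a reason that does not support its conclusion. If other users get either complete read access or none, then existence is hidden exactly when read is denied, which is the case the "Read" bullet describes. Suggest stating the two cases separately: existence and content are both hidden while the database is closed to other users, and both are exposed once the database is opened or a document is replicated into another user's database. Under "Limitations", the last bullet ("Views could still work if readable documents are copied ...") repeats the workaround from the section's opening paragraph rather than naming a limitation, and the section does not say what happens to copies already replicated into other users' databases when read access to a document is later withdrawn. Typos in the added lines: "from on user database" should read "from one user database", and "way to much" should read "way too much".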