couchdb-dev mailing list archives

From Chris Anderson
Subject Re: Cookie Auth
Date Fri, 10 Jul 2009 16:50:43 GMT
On Fri, Jul 10, 2009 at 7:22 AM, Benoit Chesneau wrote:
> 2009/7/10 Mark Hammond:
>> On 10/07/2009 4:08 PM, Chris Anderson wrote:
>> This is starting to sound like feature-creep to me - isn't this better
>> served by a front-end tool?  Maybe an erlang-based set of tools around couch
>> would be nice, but I like the concept of keeping couch lean-and-mean and
>> leaving many of these 'application' concepts outside the core.
>> Hopefully helpfully...

The big push here is to make it possible to create full-fledged
applications that can be replicated anyplace there is a CouchDB.
Currently in order to make use of the user roles you have to use node
admins. This branch paves the way for roles like db-owner, and
eventually access control lists.

I know much of this can be accomplished with HTTP tools but by
integrating it into CouchDB we get portability across installations.

The UbuntuOne usage of CouchDB calls for OAuth support so hopefully
some of the work in this simple cookie-auth branch can be used to
structure the OAuth API.

One man's feature creep is another's requirement... I try to keep a
level head about CouchDB features by leaving out the ones that every
application will do differently. If we can make a session handler that
CouchApps all use by default, it will take an entire territory of pain
away from application developers. If we leave it out, everyone will
implement it differently and that starts to be its own problem.

I see where you're coming from, Mark, but I think in the long term auth
support from Couch is inevitable, so we may as well start now so that
we can get it right.


>> Mark.
> Well, cookie auth is a handler, so you could disable it and use
> the default handler. On the other hand I think couchdb should design
> best/default practices for authentication/rights (ie place of user
> db, roles & ...) so eventually you could use your own auth handler on
> any set of documents. Moreover, having a good authentication handler
> in couchdb allows distribution of couchapps with some authentication,
> which is very cool and doesn't hurt all other legacy usages of a db.
> - benoît

Chris Anderson
