couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Anderson <jch...@apache.org>
Subject Re: Cookie Auth
Date Sat, 11 Jul 2009 00:43:55 GMT
On Fri, Jul 10, 2009 at 5:27 PM, Mark Hammond<skippy.hammond@gmail.com> wrote:
> On 11/07/2009 10:13 AM, Chris Anderson wrote:
>
>> I think we're on the right track as we're really using this
>> development to implement CouchDB's model of roles, which is
>> essentially an array of strings like: ["_admin", "foo", "bar"]
>>
>> Having a working system which brings in more than just the admin role
>> is a big step forward in preparing to integrate with other auth
>> systems.
>
> Agreed - and this is where the focus should be.  It is quite possible I
> misunderstood (I haven't checked the code) but I feared the focus on 'cookie
> auth' might only produce a system that integrates well with cookie-auth.  If
> the focus is on the integration and cookies just happen to be a 'test bed'
> for this scheme, then I think we are in violent agreement (although I'd
> still maintain that 'test bed' need not be part of the core...)
>

I feel like Erlang encourages to write decoupled modules, and this
makes us able to absorb more features without taking the same
maintenance hit you might in a mutable language. My long-term picture
(and this is just mine, not the project's) sees CouchDB having a suite
of auth modules as they are contributed, that resolve external systems
(LDAP, OpenID, etc) into the CouchDB name & roles userCtx object, so
they are interoperable with our validation functions, filters, etc.

Chris

-- 
Chris Anderson
http://jchrisa.net
http://couch.io

Mime
View raw message