Date: Fri, 5 Feb 2010 22:42:25 +0000
From: Brian Candler
To: dev@couchdb.apache.org
Subject: Re: DB ACLs (was Re: 0.11 Release / Feature Freeze for 1.0)

I think it's time to declare my interest. The CouchDB-backed application I've been working on is now available here:

http://www.deploy2.net/

It's basically an IP address database / network asset inventory. CouchDB has been a great match for this, especially some funky map-reduce logic for indexing IPv4 and IPv6 addresses, and having separate database instances for logical separation.

At the moment, CouchDB sits entirely behind a Rails app, which handles the user authentication and authorization - that is, enforcing which databases you can use, and whether you have read/update/admin rights to them.

If I can push enough of this logic down into CouchDB, then that would let me expose CouchDB itself to the Internet. That would give people a fast JSON-over-HTTP API for extending the service externally. It would also let me move more of the UI logic up into the browser, and the option of moving towards a CouchApp model.

So that's my particular reason for having an interest in how the ACL features end up in 0.11.

I'd be happy to describe how my current security model works and how it might be mapped down to CouchDB, if anyone's interested.

(And if anyone's interested in the app itself, please feel free to try it out and send your comments to me off-list)

Regards,

Brian.