couchdb-dev mailing list archives

From Bob Dionne <dio...@dionne-associates.com>
Subject Re: Merge in new authentication code
Date Sat, 25 Aug 2012 11:11:25 GMT

On Aug 25, 2012, at 4:46 AM, Benoit Chesneau <bchesneau@gmail.com> wrote:

> On Aug 25, 2012 3:27 AM, "Jason Smith" <jhs@apache.org> wrote:
>> 
>> Hi, developers.
>> 
>> At Iris Couch, we have used two third-party CouchDB extensions for a
>> very long time. I would like to merge both of them into master. They
>> provide alternative ways to create a CouchDB user and to log in to
>> CouchDB.
>> 
>> Both mechanisms use a third-party authenticator which basically tells
>> CouchDB that the person is who they say they are. Both mechanisms then
>> create a local CouchDB _users document. So you can set a .password
>> value and have both types of authentication.
>> 
>> ## Mozilla Persona
>> 
>> Written by Randall, used in production here for a year. This is
>> hands-down the easiest way for developers to add logins to their Couch
>> apps. See https://github.com/iriscouch/browserid_couchdb#so-simple
>> 
>> ## CouchDB-XO_Auth
>> 
>> Created by Ocasta, this is basically a general OAuth implementation.
>> It already works against Facebook and I am now making sure it works
>> with GitHub too. It has the same autovivification feature for
>> newly-authenticated users.
> 
> These extensions are nice but I don't think they should be part of the
> couchdb distribution.
> 
> In my opinion we should keep the couchdb simple and only target core
> features which are imo Document oriented, Views, CouchApps. (couchapps
> and views could be also considered as core features extensions). Which
> doesn't mean we shouldn't support new addons, and for me the best way to
> do that is to ease their installation and management in couch and
> provide tools to make your own distribution.

+1 

> 
> Also, adding these addons in couch will slow down the development of such
> extensions. Fixes would only happen when couch is released, which is imo
> bad. Especially for the 2 extensions you mention, since they are moving
> targets (persona is not yet a stable protocol nor widely used, and the
> other connects to proprietary oauth extensions which can be changed when
> the commercial entity wants). Keeping them out of the core distribution is
> better for them.
> 
> Maybe as sub-projects? Not sure it's worth the admin stuff.
> 
> - benoit

