From dev-return-22910-apmail-couchdb-dev-archive=couchdb.apache.org@couchdb.apache.org Sat Aug 25 08:47:35 2012 Return-Path: X-Original-To: apmail-couchdb-dev-archive@www.apache.org Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 445C9D3D5 for ; Sat, 25 Aug 2012 08:47:35 +0000 (UTC) Received: (qmail 38596 invoked by uid 500); 25 Aug 2012 08:47:33 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 38111 invoked by uid 500); 25 Aug 2012 08:47:27 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 38039 invoked by uid 99); 25 Aug 2012 08:47:24 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Aug 2012 08:47:24 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of bchesneau@gmail.com designates 209.85.215.180 as permitted sender) Received: from [209.85.215.180] (HELO mail-ey0-f180.google.com) (209.85.215.180) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Aug 2012 08:47:18 +0000 Received: by eaad13 with SMTP id d13so625857eaa.11 for ; Sat, 25 Aug 2012 01:46:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=KTAS+azFpLXvKHs3KBBd8ITUyzvNMheNt8y/J1wXJlI=; b=bMxUHQUYOOdYFrYee0E8B0MEeocMIQCfCzYX6WcIKVuw2dzOZlDq+l416P+P3+ukw8 bnL8iIyqLQNns/0lIcc9ia+0EZlp+jdeId6mtpNmZJkSDbyjIODhhlBmN0vAd66yj4z2 +zPb+sVuCU+0MHlUYSLMvCUApI1EOfSXjj7rj36Qj57Y2hS7YuxWHv55uGjljAQ1wpaA Ua2Q2skc1Lee2upHfQoPgq8NtgVNSN8vZYpwpiKuljbYGUnLy8+nAKC92UDQsRBqjWVJ wUpY7t4pvii2y62S9GhNY5MyXAsmJ3TYpAm0kPFUIoLuCu2+rxqSNSxG2KvJB1THC9p6 7YOw== MIME-Version: 1.0 Received: by 10.14.4.198 with SMTP id 46mr10691064eej.11.1345884418136; Sat, 25 Aug 2012 01:46:58 -0700 (PDT) Received: by 10.14.175.196 with HTTP; Sat, 25 Aug 2012 01:46:57 -0700 (PDT) In-Reply-To: References: Date: Sat, 25 Aug 2012 10:46:57 +0200 Message-ID: Subject: Re: Merge in new authentication code From: Benoit Chesneau To: dev@couchdb.apache.org Content-Type: text/plain; charset=ISO-8859-1 On Aug 25, 2012 3:27 AM, "Jason Smith" wrote: > > Hi, developers. > > At Iris Couch, we have used two third-party CouchDB extensions for a > very long time. I would like to merge both of them into master. They > provide alternative ways to create a CouchDB user and to log in to > CouchDB. > > Both mechanisms use a third-party authenticator which basically tells > CouchDB that the person is who they say they are. Both mechanisms then > create a local CouchDB _users document. So you can set a .password > value and have both types of authentication. > > ## Mozilla Persona > > Written by Randall, used in production here for a year. This is > hands-down the easiest way for developers to add logins to their Couch > apps. See https://github.com/iriscouch/browserid_couchdb#so-simple > > ## CouchDB-XO_Auth > > Created by Ocasta, this is basically a general OAuth implementation. > It already works against Facebook and I am now making sure it works > with GitHub too. It has the same autovivication feature for > newly-authenticated users. These extensions are nice but I don't think they should be part of the couchdb distribution. In my opinion we should keep the couchdb simple and only target core features which are imo Document oriented, Views, CouchApps . (couchapps and views could be also considered as core features extensions). Which doesn't mean we shouldn't support new addons, and for me the best way to do that is to ease their installation and management in couch and provide tools to make your own distribution. Also, adding these addons in couch will slow down the development of such extensions. Fix would only happen when couch is released which is imo bad. Especially for the 2 extensions you mention since theyr are moving target (persona is not yet a stable protocol nor widely used and the other connect to proprietary oauth extensions which can be changed ahen the commercial entity want). Keeping them out the core distribution is better for them. Maybe as sub-projects? Not sure it worth the admin stuff. - benoit