From Jason Smith <...@nodejitsu.com>
Subject Re: Persona and BrowserID integration
Date Mon, 29 Jul 2013 10:02:27 GMT
Thanks Dirkjan (and Jan).

Yes, so the first milestone is definitely a standard RP mode working
against browserid.org's web services.

To clarify, "tinfoil hat" mode is actually just a complete
implementation of the RP role, notably that it does not require the
POST to browserid.org/verify to verify an assertion. Thus, CouchDB
could be used on an intranet where an existing IdP exists. The IdP is
out of scope, but I expect to install one to test CouchDB when that
time comes.

Tinfoil hat mode is perfectly cromulent, I just called it that due to
recent news about wiretaps and that stuff.

On Mon, Jul 29, 2013 at 4:03 PM, Dirkjan Ochtman <dirkjan@ochtman.nl> wrote:
> On Mon, Jul 29, 2013 at 6:13 AM, Jason Smith <jason.h.smith@gmail.com> wrote:
>> Thanks, Jim. That is basically my plan. To be clear, I would ship
>> "outsourced mode" (browserid.org hosted JavaScript and verification)
>> in a CouchDB release. It's just that I would work to get "tinfoil hat
>> mode" added in for a subsequent release. Outsourced mode already
>> exists (modulo a rewrite and unit tests) as a plugin, but I want to
>> merge it in.
>
> Running the verification inside CouchDB is very sane. It looks like
> local verification will be the recommended approach anyway in the near
> future.
>
>> I am not sure if I understand you exactly. Persona is a three-party
>> protocol between users, relying parties (RPs) and identity providers
>> (IdPs). I am talking about RP support for CouchDB. AFAIK there is a
>> bit of mere-mortal crypto to do but it does not require IdP support.
>
> Your tinfoil hat mode is a bit weird. If you're doing disconnected
> operation, you can only connect to Identity Providers inside the LAN,
> so general RP support becomes impossible, so it's a pretty crippled
> setup.
>
> Cheers,
>
> Dirkjan


-- 
Nodejitsu
