couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Smith <...@apache.org>
Subject Persona and BrowserID integration
Date Mon, 29 Jul 2013 02:42:56 GMT
(Breaking off from the "IRC meeting" thread.)

Credit where it's due: The initial push for Persona in CouchDB came
from Randall Leeds.

Dirkjan says to use the hosted include.js file instead of serving it
internally. I kind of agree, but note that CouchDB hosts its own
JQuery. The priority is not that we match the latest spec, the
priority is that people can log in.

CouchDB should support disconnected operation. Where possible, we
should be able to authenticate without depending on a third-party over
the Internet. However I would like to achieve that by various
milestones of partial completion.

There are two (known) areas where my implementation relies on third parties.

1. The include.js file
2. Validating the client signature over browserid.org/verify

At this time, for #1 we host our own copy, and for #2 we outsource to
the browserid.org web service, so that is inconsistent. I am thinking
of the following milestones:

1. Everything outsourced.
  * Link to browserid.org for include.js
  * Call out to browserid.org for signature validation
2. Erlang implementation of signature validation. This will take some
R&D, could be a nice newbie project
3. Once Couch can do all the crypto "in-house," provide an option to
use either the self-contained implementation or else the
Internet-ready implementation. Most Persona logins will be to an
Internet server with a gmail.com address.

My definition of success:

1. Install CouchDB on a LAN
2. Install a free software identity provider (IdP)
3. Disconnect the LAN
4. Create email accounts
5. Authenticate to CouchDB over BrowserID

Mime
View raw message