couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirkjan Ochtman <dirk...@ochtman.nl>
Subject Re: Persona and BrowserID integration
Date Mon, 29 Jul 2013 09:03:50 GMT
On Mon, Jul 29, 2013 at 6:13 AM, Jason Smith <jason.h.smith@gmail.com> wrote:
> Thanks, Jim. That is basically my plan. To be clear, I would ship
> "outsourced mode" (browserid.org hosted JavaScript and verification)
> in a CouchDB release. It's just that I would work to get "tinfoil hat
> mode" added in for a subsequent release. Outsourced mode already
> exists (modulo a rewrite and unit tests) as a plugin, but I want to
> merge it in.

Running the verification inside CouchDB is very sane. It looks like
local verification will be the recommended approach anyway in the near
future.

> I am not sure if I understand you exactly. Persona is a three-party
> protocol between users, relying parties (RPs) and identity providers
> (IdPs). I am talking about RP support for CouchDB. AFAIK there is a
> bit of mere-mortal cypto to do but it does not require IdP support.

Your tinfoil hat mode is a bit weird. If you're doing disconnected
operation, you can only connect to Identity Providers inside the LAN,
so general RP support becomes impossible, so it's a pretty crippled
setup.

Cheers,

Dirkjan

Mime
View raw message