Return-Path: X-Original-To: apmail-couchdb-dev-archive@www.apache.org Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 907EB106D5 for ; Mon, 29 Jul 2013 16:08:35 +0000 (UTC) Received: (qmail 27948 invoked by uid 500); 29 Jul 2013 16:08:35 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 27636 invoked by uid 500); 29 Jul 2013 16:08:34 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 27623 invoked by uid 99); 29 Jul 2013 16:08:33 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 29 Jul 2013 16:08:33 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of jason.h.smith@gmail.com designates 209.85.214.170 as permitted sender) Received: from [209.85.214.170] (HELO mail-ob0-f170.google.com) (209.85.214.170) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 29 Jul 2013 16:08:27 +0000 Received: by mail-ob0-f170.google.com with SMTP id vb8so4870176obc.15 for ; Mon, 29 Jul 2013 09:08:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:content-type; bh=t1Lb6kvBgcRIsinWdu2yLTkcrHLp0imQhfeKrYkwgho=; b=qRts/GLXiw09IplSNSw/dw5vJRsZ2o2DXQysiw2NImxKm5g7CozWlgpDWosUh6BeMy 9+fH64ss5FB72tHj2mJQkJ87/CQJKk4FflL0AOEpPRJYK3iUNSf5tT1gaKRtC43secbf 9W6FU7otDHNu0zo+1CvftyAklm3YmP6uubK87+jCc0kVdLztgf0ymZXKNBAeE4dpBVtu /zcXbdIfs3qCU63UEpv33xCJFULwtgafCncfY2XnYrbI9XNYxlBcHQdaoUG9eZlgR5x6 7ZUCcA5lLpbwGTIG5RcgQgS3WGlRgTepGlnfnIfr98L7k72HCpAvYjLILA2sSWBO/BKk /Trg== X-Received: by 10.182.236.169 with SMTP id uv9mr47834282obc.59.1375114087167; Mon, 29 Jul 2013 09:08:07 -0700 (PDT) MIME-Version: 1.0 Sender: jason.h.smith@gmail.com Received: by 10.182.103.133 with HTTP; Mon, 29 Jul 2013 09:07:47 -0700 (PDT) In-Reply-To: References: <278988D5-8E9C-46C0-BD39-A1AA28C6B15D@sri.com> From: Jason Smith Date: Mon, 29 Jul 2013 23:07:47 +0700 X-Google-Sender-Auth: Y8_HQDzDd0N1_RtYvoXeAgY79QE Message-ID: Subject: Re: Persona and BrowserID integration To: "dev@couchdb.apache.org" Content-Type: text/plain; charset=UTF-8 X-Virus-Checked: Checked by ClamAV on apache.org This is an interesting argument. Dale, what do you think about the value of "official" Persona support in CouchDB, versus the possibility that it becomes a plugin "killer app" or at least a decent reference implementation? The plugin has existed for a while; however it has gotten very little use, in part because the whole concept of a plugin is ill-defined and brittle. You need to set ERL_ZFLAGS to activate it, to say nothing of compiling. Also, note that I also plan to merge the OAuth plugin. Something I could see being a plugin indefinitely is couchdb_pingquery, although the state of the plugin system is still extremely anemic. On Mon, Jul 29, 2013 at 10:24 PM, Dale Harvey wrote: > On the topic of browser_id support in CouchDB, it feels like this is a big > chance to push for usable plugins, should the aim for this not to be > included into core but to be available as a one click install from > futon/fauxton (this and geocouch seem prime candidates)? > > This isnt because I dont want browser_id support, I most definitely do, I > recently wrote a node equivalent to Jasons browser_id plugin for the only > reason that it would be easier for users to install / use on their local > CouchDB instance. > > But we have a problem of support for anything 3rd party needing to be > merged to core to be usable which is very much conflicting with peoples > ability to get stuff done, the browser_id / geocouch and cors support have > been around a long time but are mostly only available to the dedicated few > (cors did eventually get merged), I would love to see a couchdb where the > browser_id plugin was available to all users of couchdb the day you > finished writing it, not (3?) years later > > > > On 29 July 2013 11:26, Jason Smith wrote: > >> Perfect, that is exactly what I will need. However, the first >> milestone is rewrite my plugin in a branch, and hit the first >> milestone. >> >> On Mon, Jul 29, 2013 at 5:19 PM, Dirkjan Ochtman >> wrote: >> > On Mon, Jul 29, 2013 at 12:02 PM, Jason Smith wrote: >> >> To clarify, "tinfoil hat" mode is actually just a complete >> >> implementation of the RP role, notably that it does not require the >> >> POST to browserid.org/verify to verify an assertion. Thus, CouchDB >> >> could be used on an intranet where an existing IdP exists. The IdP is >> >> out of scope, but I expect to install one to test CouchDB when that >> >> time comes. >> > >> > This might be useful inspiration: https://bitbucket.org/djc/persona-totp >> . >> > >> > Cheers, >> > >> > Dirkjan >> >> >> >> -- >> Nodejitsu >>