couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zach Lym <zach...@indolering.com>
Subject Document Signing
Date Sat, 15 Feb 2014 01:29:01 GMT
I have reviewed the document signing wiki article, the google doc proposal,
as well as the mailing list thread, and even glanced over JimKo's code (
http://goo.gl/xlHkRW) and wanted to checkin on the right way to do this.

It looks like this subject has popped up occasionally but died for lack of
interest.  One of the identified sticking points was the lack of a good
spec on how to handle signed JSON.  However, the IETF JSON Web
Signature draft  (http://goo.gl/i5aoWV)  has gone through some 20
revisions, it has object serialization but I don't see any canonical
default ordering.  Perhaps I am missing something, however the status
changed to "last call" status about a month ago.  If you have any input,
now would be the time to do so : )

As far as actually implementing it I haven't run into any code which uses
it in validate_doc_update.  There are, however, at least two libraries that
should work as part of a CouchApp:

* Mozilla's jwcrypto which is uses for BrowserID/Personas but it looks
rather large https://github.com/mozilla/jwcrypto
* jsrsasign from an indie developer but it comes with ready-to-use minified
versions  https://github.com/kjur/jsrsasign

It appears that it would be pretty easy to require('path/to/jsrasign') in
validate_doc_update, unless I'm missing something?

Thank you,
-Zach Lym

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message