2009/3/8 Jens Alfke : > I think something like this would be nearly mandatory in a fully-distributed > usage of CouchDB, a network of nodes that cannot all trust each other. The > only way to trust the documents being replicated through the system is for > each document to independently assert its creator and its integrity. That's > what signatures give you. > Ok so with this this system you know that person X has signed this doc and is its author. But how do you trust person X ? How do you tell to your node that it can trust X and all its document or refuse this doc because it don't know person X ? Technically I thought to maintain per Node and maybe per db a list of known identities in a database (or maybe on a file). But how could you invite other nodes to trust authors you trust ? On the other hand , in a distributed system i think that we need to identify who was the author, which is allowed by your method, but also identify who can read, edit this document and keep history of modifications across authors / nodes to validate final doc. Think it's important, in particularly in organisations that need to track documents' flow. Maybe we could add public signature of targeted nodes in signature ? So each node could validate doc during replication ? We would have something like : "signature": { "signed": ... ... "to": [ { "algo": ..., "bits": ..., "data":.... }, ... ] } (maybe signed could be renamed "from") and a property history to the doc : "history": [ { "date": ..., "node_uri": ..., "node_signature" ... } ] each time you add a new target "to" updated. to can became too large, so maybe having only last target and add them to history (previous_targets property) is enough. That's the idea, what do you think about it ? - benoît