Return-Path: 
 <user-return-8405-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: (qmail 66075 invoked from network); 10 Jan 2010 19:09:21 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 10 Jan 2010 19:09:21 -0000
Received: (qmail 60037 invoked by uid 500); 10 Jan 2010 19:09:20 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 59965 invoked by uid 500); 10 Jan 2010 19:09:20 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 59955 invoked by uid 99); 10 Jan 2010 19:09:20 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 10 Jan 2010 19:09:20 +0000
X-ASF-Spam-Status: No, hits=2.2 required=10.0
	tests=HTML_MESSAGE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of ccinnebar@gmail.com designates
 209.85.160.56 as permitted sender)
Received: from [209.85.160.56] (HELO mail-pw0-f56.google.com) (209.85.160.56)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 10 Jan 2010 19:09:10 +0000
Received: by pwj16 with SMTP id 16so1081596pwj.35
        for <user@couchdb.apache.org>; Sun, 10 Jan 2010 11:08:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:in-reply-to:references
         :date:message-id:subject:from:to:content-type;
        bh=AJ54EQFW6kLbuJMJ8TACtDAUCna9dI7O+zxJsPvRKzU=;
        b=Cb1hkbNwXpqHBNPgp6CEWA09KvFIXEXo1h/qvncxUMXl/GalGKiqZ7XZhMi708ffk3
         5VFF70Wf54QLYjkGwf+FKHCfOKlC70sKNn8ZIDhRvXCDVblNf2+03awkQHcGv3T5o0Ru
         xejVTTQKGOOkuWgVaCOyP80J9UKB47wLKQcqI=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        b=yA9hLoBnav+1zXrOy4Kwht8Ki7NQKOmcWMwvSGIFseW9GQmwFBRXjO+vlNux1fmxCj
         S4i4W/nNMjlz/KNfO2O583CSeFsTmoiKRznONUn317KtpEdouXe5Gdsy7gW7vmnvg0YQ
         6ysXO/OsZd+xZuhKJRvJ/kEbz5oUJPLXxIcVg=
MIME-Version: 1.0
Received: by 10.114.138.20 with SMTP id l20mr1721236wad.91.1263150529492;
 Sun,
	10 Jan 2010 11:08:49 -0800 (PST)
In-Reply-To: <e282921e1001101037r4bce11e1l7b617ab3eefec111@mail.gmail.com>
References: <214c385b1001090734p10d3a5a6rfb8ef28d55df9e90@mail.gmail.com>
	 <e282921e1001091041y16751954q20148ba4f32db614@mail.gmail.com>
	 <1bca98391001091122x437b65e2jbf3204986872eb20@mail.gmail.com>
	 <594289661001091319t1936aa12ve7894bb033bf3778@mail.gmail.com>
	 <e282921e1001091909u34222cfaq5dce9f1b8deb5774@mail.gmail.com>
	 <87f645c81001092254q67c69076l8195bd3f8ebf4f31@mail.gmail.com>
	 <e282921e1001101019r42b7dccdo2b9618fc5d1924a2@mail.gmail.com>
	 <87f645c81001101030q24b1c5fdlf8516b260061b16f@mail.gmail.com>
	 <e282921e1001101037r4bce11e1l7b617ab3eefec111@mail.gmail.com>
Date: Mon, 11 Jan 2010 06:08:49 +1100
Message-ID: <87f645c81001101108j18c389c3ya2e4719e432e3510@mail.gmail.com>
Subject: Re: Initial couchdb accounts feedback
From: cinnebar <ccinnebar@gmail.com>
To: user@couchdb.apache.org
Content-Type: multipart/alternative; boundary=0050450293ce9bb804047cd42678
X-Virus-Checked: Checked by ClamAV on apache.org

--0050450293ce9bb804047cd42678
Content-Type: text/plain; charset=ISO-8859-1

Im going to need more time to look at it
i suspect we validate against a"'cat" field which effectively means that
user is a type of namespaced role and other roles are also values keyed by
"cat".

in the long run we intend to add more stuff to this db

we considered naming the db "auth" but we decided to use something like auth
to define the process rather than the data it uses here


cheers

On Mon, Jan 11, 2010 at 5:37 AM, Chris Anderson <jchris@apache.org> wrote:

> On Sun, Jan 10, 2010 at 10:30 AM, cinnebar <ccinnebar@gmail.com> wrote:
> >>
> >> you can override the db name by setting
> >>
> >> [couch_httpd_auth]
> >> authentication_db = usr
> >>
> >> in your local.ini
> >>
> >>
> > this is good :)
> >
> >
> >> overriding "roles" would involve a nasty code change. I don't think
> >> it's worth it.
> >>
> >>
> > hmm...not so good...it breaks an important pattern for us
> >
> >
> > right now the only documents allowed are of type "user". I originally
> >> had it set to be more open, but I think it's better to treat this db
> >> more strictly.
> >>
> >
> > it seems to be an unneccessy property then?
> >
>
> Nope. The deal is we have a strict validation function that validates
> user docs. we also check to make sure a doc is a user doc when you log
> in. putting the type on there means it's something about the doc we
> check (not where we found the doc) that proves it's valid. This means
> in the long run we can add more stuff to this db.
>
> If I was gonna name the db from scratch I might name it "auth".
>
> Chris
>
>
>
>
>
> --
> Chris Anderson
> http://jchrisa.net
> http://couch.io
>

--0050450293ce9bb804047cd42678--