Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 62740 invoked from network); 4 Aug 2010 03:30:40 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 4 Aug 2010 03:30:40 -0000 Received: (qmail 21654 invoked by uid 500); 4 Aug 2010 03:30:39 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 21545 invoked by uid 500); 4 Aug 2010 03:30:36 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 21535 invoked by uid 99); 4 Aug 2010 03:30:35 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Aug 2010 03:30:35 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of samuelgoto@gmail.com designates 209.85.216.52 as permitted sender) Received: from [209.85.216.52] (HELO mail-qw0-f52.google.com) (209.85.216.52) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Aug 2010 03:30:30 +0000 Received: by qwf7 with SMTP id 7so3713704qwf.11 for ; Tue, 03 Aug 2010 20:30:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=bDUx2F7XzUfApra7b3gVKUnN/tuonmqI5hLWul1OFN0=; b=CkWKnFKSZs+pRGmTTtG3PYMZnFAbc/+yHjazfEEUHUPgZWEqc1CND3JuEC4gwNTKgc jphIGLjUUQyG6jjHnD/mfTfeNxcoAaQYX9d+nhES+z5e0kCqED+n1O+kxRGNQEX5VEnh 1OhjBafFZ6En8ILZQ6LO86/sghXsovzTawqjY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=PCiKfDdOS52o31iP4viBJHCyUmeR5evmwzgpbH1sZbVUaeazMQC5zCtVeNDNJtZIyk 2HdxlFJMzewRx+bfyo1G2h2XO5N7Qw1UDgg8nBU2bNHi1zjCN5yxC0e/TUj2DX5wN1cO AeGI2hhOnVS2lI5MnEEKdaG8wdTwGIE5EuKW4= MIME-Version: 1.0 Received: by 10.229.11.32 with SMTP id r32mr1790755qcr.242.1280892609154; Tue, 03 Aug 2010 20:30:09 -0700 (PDT) Received: by 10.229.4.2 with HTTP; Tue, 3 Aug 2010 20:30:09 -0700 (PDT) Date: Tue, 3 Aug 2010 20:30:09 -0700 Message-ID: Subject: What are the contents of userCtx in validators ? From: sgoto To: user@couchdb.apache.org Content-Type: multipart/alternative; boundary=0016364ed608f6cdd2048cf70ca0 --0016364ed608f6cdd2048cf70ca0 Content-Type: text/plain; charset=ISO-8859-1 Hey everyone, According to this page: http://books.couchdb.org/relax/design-documents/validation-functions An administrator could write validation function to ensure the data that gets written to couchdb is validated. I'm interested in adding some PGP-like signing of documents for authentication. I'm also interested in md5ing the contents of the message to ensure integrity, but i'll leave that for later. This leads me to the following question: What are the contents of userCtx in the validator's signature ? function(newDoc, oldDoc, userCtx) { throw({forbidden : 'no way'}); } would it be the contents of the authentication database ? http://wiki.apache.org/couchdb/Security_Features_Overview http://wiki.apache.org/couchdb/Authentication_and_Authorization { "_id" : "org.couchdb.user:joe", "type" : "user", "name" : "joe", "roles" : ["erlanger"], "password_sha" : "fe95df1ca59a9b567bdca5cbaf8412abd6e06121", "salt" : "4e170ffeb6f34daecfd814dfb4001a73" } any existing work/library/method (eg CA vs web of trust, storing encrypted documents, signing, integrity, etc) that I should be aware of ? -- f u cn rd ths u cn b a gd prgmr ! --0016364ed608f6cdd2048cf70ca0--