Subject: Re: Best performing login implementation?
From: J Chris Anderson
Date: Mon, 6 Sep 2010 09:38:58 -0700
To: user@couchdb.apache.org

On Sep 6, 2010, at 8:50 AM, Wout Mertens wrote:

> On Sep 6, 2010, at 17:24 , J Chris Anderson wrote:
>
>> Also it is worth noting that CouchDB has a builtin authentication system that gets this right, and you might just be able to piggyback on it, depending on your application:
>>
>> http://blog.couch.io/post/1027100082/whats-new-in-couchdb-1-0-part-4-securityn-stuff
>
> So the security model is:
> - Admins can do everything on all local databases
> - Readers can read the entire database
> - Writes can have any model you like with validation functions
>
> So if you want to segment your database readers you have to segment your databases.
>

Yes.

> Furthermore, if you would like to use LDAP authentication, you'd have to use an LDAP-to-OAuth server.
>

It should be a very simple patch to add new Erlang authentication handlers for things like LDAP, Kerberos, etc. That might be simpler than adding a bunch of glue to speak OAuth.

> Correct?
>
> Wout.
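
Added example, not part of the original message: a sketch of the "writes can have any model you like" point as a CouchDB validation function that enforces per-owner writes. The `owner` field, the sample users and the `tryWrite` harness are assumptions made for illustration; `userCtx.name`, `userCtx.roles`, the `_admin` role and the `forbidden`/`unauthorized` throw convention are CouchDB's own.

```javascript
// In a design document this body is stored as a string under the
// "validate_doc_update" key; it is named here only so it can run stand-alone.
function validate_doc_update(newDoc, oldDoc, userCtx) {
  // Admins can do everything, as in the model summarised in the thread.
  if (userCtx.roles.indexOf("_admin") !== -1) return;

  // Anonymous requests carry a null name.
  if (!userCtx.name) {
    throw { unauthorized: "Log in before writing." };
  }
  // Updates and deletes: only the current owner may touch the document.
  // `owner` is a hypothetical field chosen for this example.
  if (oldDoc && oldDoc.owner !== userCtx.name) {
    throw { forbidden: "Only the owner may change this document." };
  }
  if (newDoc._deleted) return; // deletion stubs carry no owner field

  // Creates and updates: a writer cannot assign the document to someone else.
  if (newDoc.owner !== userCtx.name) {
    throw { forbidden: "owner must be your own user name." };
  }
}

// Stand-in for CouchDB calling the function on each write (constructed harness).
function tryWrite(newDoc, oldDoc, userCtx) {
  try {
    validate_doc_update(newDoc, oldDoc, userCtx);
    return "ok";
  } catch (e) {
    if (e.forbidden) return "forbidden";
    if (e.unauthorized) return "unauthorized";
    throw e;
  }
}

// Constructed sample contexts.
var alice = { db: "notes", name: "alice", roles: [] };
var anon = { db: "notes", name: null, roles: [] };
var admin = { db: "notes", name: "root", roles: ["_admin"] };

console.log(tryWrite({ _id: "n1", owner: "alice" }, null, alice));
console.log(tryWrite({ _id: "n1", owner: "alice" }, { owner: "bob" }, alice));
console.log(tryWrite({ _id: "n2", owner: "alice" }, null, anon));
```

This gates writes only. Any reader of the database can still read every document, which is why segmenting readers means segmenting databases.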