Subject: Re: What are the contents of userCtx in validators ?
From: J Chris Anderson
Date: Wed, 4 Aug 2010 07:01:10 -0700
To: user@couchdb.apache.org

On Aug 3, 2010, at 8:30 PM, sgoto wrote:

> Hey everyone,
>
> According to this page:
>
> http://books.couchdb.org/relax/design-documents/validation-functions
>
> An administrator could write a validation function to ensure the data that
> gets written to couchdb is validated. I'm interested in adding some PGP-like
> signing of documents for authentication. I'm also interested in md5ing the
> contents of the message to ensure integrity, but I'll leave that for later.
>
> This leads me to the following question:
>
> What are the contents of userCtx in the validator's signature ?
>
> function(newDoc, oldDoc, userCtx) {
>   throw({forbidden : 'no way'});
> }
>

the best way to learn this is to do log(userCtx) inside your function.

the contents of the userCtx are minimal, just name and roles. The idea behind this is to make a narrow lowest common denominator so LDAP, kerberos, etc can all work with existing apps.

>
> would it be the contents of the authentication database ?
>
> http://wiki.apache.org/couchdb/Security_Features_Overview
> http://wiki.apache.org/couchdb/Authentication_and_Authorization
>
> {
>   "_id" : "org.couchdb.user:joe",
>   "type" : "user",
>   "name" : "joe",
>   "roles" : ["erlanger"],
>   "password_sha" : "fe95df1ca59a9b567bdca5cbaf8412abd6e06121",
>   "salt" : "4e170ffeb6f34daecfd814dfb4001a73"
> }
>
>
> any existing work/library/method (eg CA vs web of trust, storing encrypted
> documents, signing, integrity, etc) that I should be aware of ?
>

Hard part is getting something to sign. I have started this project here:

http://github.com/jchris/canonical-json (plz ignore the name)

Chris

> --
> f u cn rd ths u cn b a gd prgmr !
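As an added illustration (not part of the original message and not CouchDB's own code), here is a validator that makes its decisions from `userCtx.name` and `userCtx.roles` alone. The `author` field and the sample users are assumptions, and the `outcome` helper exists only so the function can be exercised outside CouchDB, for example in Node.

```javascript
// Added example: validate_doc_update logic that uses only the two userCtx
// fields named in the reply (name, roles). The `author` field is an assumption.
function validate(newDoc, oldDoc, userCtx) {
  var roles = userCtx.roles || [];
  // CouchDB server admins carry the built-in "_admin" role.
  if (roles.indexOf('_admin') !== -1) {
    return;
  }
  // Anonymous requests have userCtx.name === null.
  if (!userCtx.name) {
    throw({unauthorized: 'please log in'});
  }
  // Updates and deletes: only the user recorded on the stored revision.
  if (oldDoc && oldDoc.author !== userCtx.name) {
    throw({forbidden: 'only ' + oldDoc.author + ' may change this document'});
  }
  // Creates and updates: the claimed author must be the authenticated user,
  // otherwise a client could write documents in someone else's name.
  if (!newDoc._deleted && newDoc.author !== userCtx.name) {
    throw({forbidden: 'author must equal the logged-in user name'});
  }
}

// Run the validator outside CouchDB and report the outcome as a string.
function outcome(newDoc, oldDoc, userCtx) {
  try {
    validate(newDoc, oldDoc, userCtx);
    return 'ok';
  } catch (e) {
    return e.forbidden ? 'forbidden' : e.unauthorized ? 'unauthorized' : 'error';
  }
}

// Constructed sample contexts, shaped like the name/roles pair described above.
var joe = {name: 'joe', roles: ['erlanger']};
var eve = {name: 'eve', roles: []};
var anon = {name: null, roles: []};
var admin = {name: 'root', roles: ['_admin']};
var stored = {_id: 'note1', author: 'joe', text: 'v1'};

console.log(outcome({_id: 'note1', author: 'joe', text: 'v2'}, stored, joe));
console.log(outcome({_id: 'note1', author: 'eve', text: 'x'}, stored, eve));
console.log(outcome({_id: 'note2', author: 'joe'}, null, eve));
console.log(outcome({_id: 'note2', author: 'anon'}, null, anon));
console.log(outcome({_id: 'note1', _deleted: true}, stored, admin));
```

Because the user document's `password_sha` and `salt` never reach the validator, any per-document ownership rule has to be expressed as a comparison between document fields and `userCtx.name` or `userCtx.roles`, as done here.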