Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 29603 invoked from network); 21 Aug 2010 04:32:44 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 21 Aug 2010 04:32:44 -0000 Received: (qmail 82361 invoked by uid 500); 21 Aug 2010 04:32:43 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 81932 invoked by uid 500); 21 Aug 2010 04:32:40 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 81924 invoked by uid 99); 21 Aug 2010 04:32:39 -0000 Received: from Unknown (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 21 Aug 2010 04:32:39 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of samuelgoto@gmail.com designates 209.85.216.52 as permitted sender) Received: from [209.85.216.52] (HELO mail-qw0-f52.google.com) (209.85.216.52) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 21 Aug 2010 04:32:18 +0000 Received: by qwj8 with SMTP id 8so4908728qwj.11 for ; Fri, 20 Aug 2010 21:31:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=Cr6QXvD0krhqQdZXX/dn89ADfYYmjpNs5adauDLVUQI=; b=Y+aBQln0kF72fHJOVXxyMNKRpvRFLRS9CTEIaRStChOd22RakD7e2+GZOQYQ7KJTPv XiyhJzdSjnm6+AGMrkBlfXUYPtnlUGLYjsYH9bQqa0lvseN+KpIN+txnup9kJcKtLyEh jvLE6Pwc8H5HYjHvGk+bNB9k5ygRIPHOmEQ5A= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=a5dJmv4ibxJltUvVEMuoCW4CCKpp0nINC+QqUH5hEZEZ2XRIsruHqySssc0qQMi2Ew DwfU7V7oq6j9JxSO+ZJZchmKwxLAvExY1qaTC+cpiFSQsfDOn14c2FzH5UaOUgkkG6QN +ruY+Xk6oMDNWTjSHUvTlLDueAFho27GCKmbk= MIME-Version: 1.0 Received: by 10.224.103.130 with SMTP id k2mr1581096qao.63.1282365116388; Fri, 20 Aug 2010 21:31:56 -0700 (PDT) Received: by 10.229.23.196 with HTTP; Fri, 20 Aug 2010 21:31:56 -0700 (PDT) In-Reply-To: <305377FE-ACE8-4D67-BB02-8B78BB2B45F8@apache.org> References: <305377FE-ACE8-4D67-BB02-8B78BB2B45F8@apache.org> Date: Fri, 20 Aug 2010 21:31:56 -0700 Message-ID: Subject: Re: What are the contents of userCtx in validators ? From: sgoto To: user@couchdb.apache.org Content-Type: multipart/alternative; boundary=000feaeadea23c1851048e4de507 X-Virus-Checked: Checked by ClamAV on apache.org --000feaeadea23c1851048e4de507 Content-Type: text/plain; charset=ISO-8859-1 On Wed, Aug 4, 2010 at 7:01 AM, J Chris Anderson wrote: > > On Aug 3, 2010, at 8:30 PM, sgoto wrote: > > > Hey everyone, > > > > According to this page: > > > > http://books.couchdb.org/relax/design-documents/validation-functions > > > > An administrator could write validation function to ensure the data > that > > gets written to couchdb is validated. I'm interested in adding some > PGP-like > > signing of documents for authentication. I'm also interested in md5ing > the > > contents of the message to ensure integrity, but i'll leave that for > later. > > > > This leads me to the following question: > > > > What are the contents of userCtx in the validator's signature ? > > > > function(newDoc, oldDoc, userCtx) { > > throw({forbidden : 'no way'}); > > } > > > > the best way to learn this is to do > > log(userCtx) inside your function. > > the contents of the userCtx are minimal, just name and roles. The idea > behind this is to make a narrow lowest common denominator so LDAP, kerberos, > etc can all work with existing apps. > > > > > would it be the contents of the authentication database ? > > > > http://wiki.apache.org/couchdb/Security_Features_Overview > > http://wiki.apache.org/couchdb/Authentication_and_Authorization > > > > { > > "_id" : "org.couchdb.user:joe", > > "type" : "user", > > "name" : "joe", > > "roles" : ["erlanger"], > > "password_sha" : "fe95df1ca59a9b567bdca5cbaf8412abd6e06121", > > "salt" : "4e170ffeb6f34daecfd814dfb4001a73" > > } > > > > > > any existing work/library/method (eg CA vs web of trust, storing > encrypted > > documents, signing, integrity, etc) that I should be aware of ? > > > > Hard part is getting something to sign. I have started this project here: > > http://github.com/jchris/canonical-json > > this is a very interesting library @jchris. i'm not sure a canonical representation of a json is absolutely necessary, if you are signing binary base64 data for example. i am interesting in having authentication and authorization to be done with PGP/GPG certificates (to make sure replication works with untrusted nodes). how far have you gotten with parsing/extracting/verifying PGP certificates (you seem to be using the same library i am to parse/extract/verify PGP certificates http://github.com/jchris/canonical-json/tree/master/www.hanewin.net/) ? > (plz ignore the name) > > Chris > > > -- > > f u cn rd ths u cn b a gd prgmr ! > > -- f u cn rd ths u cn b a gd prgmr ! --000feaeadea23c1851048e4de507--