Subject: Re: OAuth for authorization (not authentication)
From: Jan Lehnardt
Date: Tue, 19 Jul 2011 11:20:34 +0200
To: dev@couchdb.apache.org

Hi Camille,

The OAuth implementation in CouchDB is very limited (due to constraints in the original development phase).

The implementation does not allow fine-grained token-based access to specific contents of one or more databases inside CouchDB, but only the authentication against a CouchDB user in the CouchDB authentication layer.

Once a request is auth'd, there is no more OAuth machinery inside CouchDB and you are left with CouchDB's security mechanics:

http://wiki.apache.org/couchdb/Security_Features_Overview
http://blog.couchbase.com/whats-new-in-couchdb-1-0-part-4-securityn-stuff

Cheers
Jan

On 19 Jul 2011, at 11:07, Camille Harang wrote:

> Hi again,
>
> On 18/07/2011 15:44, Robert Newson wrote:
>> As also noted on IRC, you are indeed wrong,
>
> I hope I am, I really tried to find the proper way to fully implement
> OAuth authorization layer (tokens, ad hoc grant access in time and
> scope: the very essence of OAuth) within the CouchDB intrinsic
> techniques and philosophy, but I keep failing.
>
>> you just don't like the
>> granularity
>
> I don't dislike or like it, but wherever I look it just appears to me
> that there is just not enough of it to match the requirements of a
> proper implementation of OAuth. But I believe I am wrong, I'm sure I
> am, I want to use Couch, can anyone point me in the right direction? Once I
> know it, I will like it.
>
> Thanks,
>
> Cheers,
>
> Camille.
>
>
>> of the operation you are authorized to perform after
>> successfully authenticating. :)
>>
>> B.
>
> --
> The Good, the Bad and the Ugly under Creative Commons! https://yooook.net/r/lp1
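
Added example, not part of the original thread and not CouchDB source code: a small Python model of the flow Jan describes, where an OAuth token only resolves to a CouchDB user and every later access decision is made from that user and the database's security object. The token names, user, roles and database names are constructed, and the security objects are assumed to follow the CouchDB 1.x `_security` layout (`admins` and `readers`, each with `names` and `roles`).

```python
# Simplified model of the request path described in the message; not CouchDB source.
# Tokens, users, roles and database names are constructed sample data.

# Each OAuth token maps to exactly one CouchDB user and carries no scope of its own.
OAUTH_TOKEN_USERS = {
    "token-reporting-app": "camille",
    "token-backup-app": "camille",
}
USER_ROLES = {"camille": ["staff"]}

# Per-database security objects, laid out like CouchDB 1.x `_security` documents.
SECURITY = {
    "invoices": {"admins": {"names": [], "roles": []},
                 "readers": {"names": ["camille"], "roles": []}},
    "payroll": {"admins": {"names": [], "roles": ["hr"]},
                "readers": {"names": [], "roles": ["hr"]}},
}


def authenticate(token):
    """OAuth step: resolve the token to a user context; the token is then dropped."""
    name = OAUTH_TOKEN_USERS.get(token)
    if name is None:
        return None  # unknown token: the request is rejected
    return {"name": name, "roles": USER_ROLES.get(name, [])}


def can_read(user_ctx, db):
    """Database step: decided from the user context and `_security` only."""
    if user_ctx is None:
        return False
    sec = SECURITY[db]
    for group in ("admins", "readers"):
        if user_ctx["name"] in sec[group]["names"]:
            return True
        if set(user_ctx["roles"]) & set(sec[group]["roles"]):
            return True
    return False


def access_matrix(tokens, dbs):
    """Map each token to the databases it can read."""
    return {t: [d for d in dbs if can_read(authenticate(t), d)] for t in tokens}


if __name__ == "__main__":
    print(access_matrix(OAUTH_TOKEN_USERS, ["invoices", "payroll"]))
```

Both tokens end up with the same access because they resolve to the same user; narrowing one of them would require a separate CouchDB user or role per grant.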