On 28.04.2008, at 18:27, Damien Katz wrote:
Here are my thoughts on what we need for before we can get to
CouchDB 1.0. Feedback please.
Must have:
[...]
Security/Document validation: We need a way to control who can
update what documents and to validate the updates are correct. This
is absolutely necessary for offline replication, where replicated
updates to the database do not come through the application layer.
[...]
Don't Need:
Authentication. We can go to 1.0 without authentication, relying
instead on local proxies to provide authentication.
So how would we provide authorization without authentication? There
needs to be some way to identify who's making a request, and if we
plan to rely on proxies for that, those proxies need to provide a way
to pass on the authentication results (e.g. REMOTE_USER). I suspect
they don't do that, but I may be wrong.
Cheers,
--
Christopher Lenz
cmlenz at gmx.de
http://www.cmlenz.net/
