Eric,
I like the idea of OAuth incorporated down the line.
Also, It seems as if Brian and yourself are talking more in general about a
Multi-Tenancy environment within a single CouchDB or is it not as grand of
an idea yet ? ( "Are we there yet?" )
-Thad
On Jun 26, 2009 3:55am, eric casteleijn <[email protected]>
wrote:
Brian Candler wrote:
On Wed, Jun 24, 2009 at 07:55:36AM -0400, Elliot Murphy wrote:
In fact, this effort to run a CouchDB for every single user account on a
computer
Interesting. A few questions:
Hi Brian,
Elliot's on holiday, so I'm going to be presumptious and respond in his
stead. I hope I don't say anything too far from the truth.
(1) What stops user A from accessing user B's data? Will this be done with
HTTP authentication?
Perhaps in this context it might make more sense to use a Unix domain
socket, but then again, nobody talks HTTP over those :-(
We've thought about using sockets, and while that would be a good way to
do it, it would also mean a lot of work making HTTP client libraries work
with that.
We think this could be more easily solved by having authorization in
CouchDB, and we're talking with Jan and Chris about adding OAuth to
CouchDB.
OAuth is a good candidate since it's explicitly meant for authenticating
applications with servers over HTTP, so it's a good fit for our use case,
where the server happens to live on the same machine, but also a good fit
for talking to CouchDB on a remote server.
(2) Is the per-user Erlang/CouchDB process going to be started when the
user
logs into the graphical desktop (gdm/kdm?)
What about having a single system-wide CouchDB instance instead of
spawning
a new Erlang VM for each user? Then at least, if I log into my home
machine
via ssh (while not logged into the console), the service would still be
there.
For Ubuntu, the per-user process will be started up by being prompted
from a DBUS service. We're making a DBUS service that handles getting
OAuth credentials from the Gnome keyring and ensuring that the user's
CouchDB is running.
We thought about having a system-wide CouchDB, and having separate
databases for each user. This is hard, though, because we want to have
the database files be in each user's home directory, so that they get
backed-up and so on in a way that users expect. We also don't want to run
CouchDB as root. So, we're setting things up with one CouchDB server per
user.
It would be easy to set up CouchDB to be running all the time, for users
who want that. We need to make sure it doesn't affect the whole system's
start-up and log in time, though, so that makes starting CouchDB on
demand more attractive.
Hope this helps,
--
- eric casteleijn
http://www.canonical.com
