On Fri, Jul 10, 2009 at 5:27 PM, Mark Hammond<[email protected]> wrote: > On 11/07/2009 10:13 AM, Chris Anderson wrote: > >> I think we're on the right track as we're really using this >> development to implement CouchDB's model of roles, which is >> essentially an array of strings like: ["_admin", "foo", "bar"] >> >> Having a working system which brings in more than just the admin role >> is a big step forward in preparing to integrate with other auth >> systems. > > Agreed - and this is where the focus should be. It is quite possible I > misunderstood (I haven't checked the code) but I feared the focus on 'cookie > auth' might only produce a system that integrates well with cookie-auth. If > the focus is on the integration and cookies just happen to be a 'test bed' > for this scheme, then I think we are in violent agreement (although I'd > still maintain that 'test bed' need not be part of the core...) >
I feel like Erlang encourages to write decoupled modules, and this makes us able to absorb more features without taking the same maintenance hit you might in a mutable language. My long-term picture (and this is just mine, not the project's) sees CouchDB having a suite of auth modules as they are contributed, that resolve external systems (LDAP, OpenID, etc) into the CouchDB name & roles userCtx object, so they are interoperable with our validation functions, filters, etc. Chris -- Chris Anderson http://jchrisa.net http://couch.io
