Some links: @rnewson today mentioned implementing [XACML](https://en.wikipedia.org/wiki/XACML) at IBM/Cloudant to replace the current roles system, and I don't see any reason we couldn't consider mirroring this framework, if not the implementation. (Eew, XML.) Robert is going to ask @kocolosk how much of the IBM implementation he can discuss in public. In short, their model doesn't have the PDP layer inside of Couch; if we took the same approach, we'd have to build a PDP inside of Couch, which could consult whatever source of information it wanted. This might or might not include such things as `_security` objects, depending on how we wish to implement things.
The thought occurred to me that web-of-trust systems might be useful in this space as well, since it was mentioned on the Wikipedia page for XACML. It'd be especially interesting from a CouchDB replication trust model as well. I think this might be a separate ticket, however. Upcoming (but not yet widespread) standards in this space include DID and OCAP-LD from the W3C.

[ Full content available at: https://github.com/apache/couchdb/issues/1504 ]
This message was relayed via gitbox.apache.org for [email protected]
