[ https://issues.apache.org/jira/browse/COUCHDB-1724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15063114#comment-15063114 ]

Corey Quillen commented on COUCHDB-1724:
----------------------------------------

I recently realized there is a major limitation to the user and security model.
Specifically, you can't allow any end-users to manage users without giving
them server admin privileges. You can't do that of course because then they
could read all user password hashes and delete databases, etc.

> Improve the user and security model
> -----------------------------------
>
>                 Key: COUCHDB-1724
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1724
>             Project: CouchDB
>          Issue Type: Improvement
>            Reporter: Dave Cottlehuber
>              Labels: gsoc, mentor
>
> * Support distributed identity systems such as OpenID
> * Allow for easier external authentication
> * Finer grained authorization (instead of the binary _admin or not)
> * Instead of exposing /_users as a database, design an API to cover
> all expected operations instead.
>
> Fine-grained authorization would allow the ability to grant read and write
> access independently, among other things. Specifically it should be possible
> to grant the ability to write but not read.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)