wohali commented on issue #1504: Redesign CouchDB security system URL: https://github.com/apache/couchdb/issues/1504#issuecomment-414733860 Some links: @rnewson today mentioned implementing [XACML](https://en.wikipedia.org/wiki/XACML) at IBM/Cloudant to replace the current roles system, and I don't see any reason we couldn't consider mirroring this framework, if not the implementation. (Eew, XML.) Robert is going to ask @kocolosk how much of the IBM implementation he can discuss in public. In short, their model doesn't have the PDP layer inside of Couch; if we took the same approach, we'd have to build a PDP inside of Couch, which could consult whatever source of information it wanted. This might or might not include such things as `_security` objects, depending on how we wish to implement things. The thought occurred to me that web-of-trust systems might be useful in this space as well, since it was mentioned on the Wikipedia page for XACML. It'd be especially interesting from a CouchDB replication trust model as well. I think this might be a separate ticket, however. Upcoming (but not yet widespread) standards in this space include DID and OCAP-LD from the W3C.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
