http://wiki.apache.org/couchdb/SignedDocuments

Essentially, you add a nested object to the JSON that contains the signature data, the document digest, and the public key identifying the signer. This is a direct translation from the original YAML of a schema I designed & implemented a year ago for an application I was working on. The underlying ideas come from the earlier "key-centric identity" systems SDSI and SPKI.
I think something like this would be nearly mandatory in a fully-distributed usage of CouchDB, a network of nodes that cannot all trust each other. The only way to trust the documents being replicated through the system is for each document to independently assert its creator and its integrity. That's what signatures give you.
I don't think this would require any changes to CouchDB itself. But most uses of it would require verifying signatures in document validation functions; this requires doing some serious crypto (like RSA encoding), and I don't know if there is any reliable and performant JavaScript implementation of that.
Comments and suggestions welcome, of course :) —Jens
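
The idea described in the message above, sketched as an added example (not code from the original message or from the wiki page): a document carries a nested object with its digest, the signer's public key and the signature, and a verifier recomputes the digest before checking the signature. The field names `signature`, `digest`, `signer` and `sig`, the key-sorted serialization, the exclusion of `_rev` from the digest and the `trustedKeys` list are assumptions made for illustration; it uses Node's built-in `crypto` module.

```javascript
// Added example: field names and layout are assumptions, not the wiki schema.
const crypto = require('crypto');

// Deterministic serialization: object keys are sorted recursively so that
// signer and verifier hash identical bytes regardless of key order.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map(k => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// The digest covers every field except the signature object itself and
// (assumption) _rev, which the database assigns after signing.
function digestOf(doc) {
  const { signature, _rev, ...body } = doc;
  return crypto.createHash('sha256').update(canonical(body)).digest('base64');
}

function signDoc(doc, privateKey, publicKeyPem) {
  const digest = digestOf(doc);
  const sig = crypto.sign('sha256', Buffer.from(digest), privateKey).toString('base64');
  return { ...doc, signature: { digest, signer: publicKeyPem, sig } };
}

// Accept only if the embedded key is one the caller already trusts, the
// digest matches the current content, and the signature verifies.
function verifyDoc(doc, trustedKeys) {
  const s = doc.signature;
  if (!s || ![s.digest, s.signer, s.sig].every(v => typeof v === 'string'))
    return false;
  if (!trustedKeys.includes(s.signer)) return false;
  if (digestOf(doc) !== s.digest) return false;
  try {
    return crypto.verify('sha256', Buffer.from(s.digest), s.signer, Buffer.from(s.sig, 'base64'));
  } catch (e) { return false; } // malformed key or signature encoding
}

// Constructed sample key pair and document.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const signed = signDoc({ _id: 'note-1', author: 'alice', text: 'hello' }, privateKey, publicKey);
```

The embedded public key only shows that the document is self-consistent; whether that key is allowed to author the document is a separate decision, represented here by `trustedKeys`.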
