On Aug 3, 2010, at 8:30 PM, sgoto wrote: > Hey everyone, > > According to this page: > > http://books.couchdb.org/relax/design-documents/validation-functions > > An administrator could write validation function to ensure the data that > gets written to couchdb is validated. I'm interested in adding some PGP-like > signing of documents for authentication. I'm also interested in md5ing the > contents of the message to ensure integrity, but i'll leave that for later. > > This leads me to the following question: > > What are the contents of userCtx in the validator's signature ? > > function(newDoc, oldDoc, userCtx) { > throw({forbidden : 'no way'}); > } >
the best way to learn this is to do log(userCtx) inside your function. the contents of the userCtx are minimal, just name and roles. The idea behind this is to make a narrow lowest common denominator so LDAP, kerberos, etc can all work with existing apps. > > would it be the contents of the authentication database ? > > http://wiki.apache.org/couchdb/Security_Features_Overview > http://wiki.apache.org/couchdb/Authentication_and_Authorization > > { > "_id" : "org.couchdb.user:joe", > "type" : "user", > "name" : "joe", > "roles" : ["erlanger"], > "password_sha" : "fe95df1ca59a9b567bdca5cbaf8412abd6e06121", > "salt" : "4e170ffeb6f34daecfd814dfb4001a73" > } > > > any existing work/library/method (eg CA vs web of trust, storing encrypted > documents, signing, integrity, etc) that I should be aware of ? > Hard part is getting something to sign. I have started this project here: http://github.com/jchris/canonical-json (plz ignore the name) Chris > -- > f u cn rd ths u cn b a gd prgmr !
