On Wed, Aug 4, 2010 at 7:01 AM, J Chris Anderson <[email protected]> wrote:
> > On Aug 3, 2010, at 8:30 PM, sgoto wrote: > > > Hey everyone, > > > > According to this page: > > > > http://books.couchdb.org/relax/design-documents/validation-functions > > > > An administrator could write validation function to ensure the data > that > > gets written to couchdb is validated. I'm interested in adding some > PGP-like > > signing of documents for authentication. I'm also interested in md5ing > the > > contents of the message to ensure integrity, but i'll leave that for > later. > > > > This leads me to the following question: > > > > What are the contents of userCtx in the validator's signature ? > > > > function(newDoc, oldDoc, userCtx) { > > throw({forbidden : 'no way'}); > > } > > > > the best way to learn this is to do > > log(userCtx) inside your function. > > the contents of the userCtx are minimal, just name and roles. The idea > behind this is to make a narrow lowest common denominator so LDAP, kerberos, > etc can all work with existing apps. > > > > > would it be the contents of the authentication database ? > > > > http://wiki.apache.org/couchdb/Security_Features_Overview > > http://wiki.apache.org/couchdb/Authentication_and_Authorization > > > > { > > "_id" : "org.couchdb.user:joe", > > "type" : "user", > > "name" : "joe", > > "roles" : ["erlanger"], > > "password_sha" : "fe95df1ca59a9b567bdca5cbaf8412abd6e06121", > > "salt" : "4e170ffeb6f34daecfd814dfb4001a73" > > } > > > > > > any existing work/library/method (eg CA vs web of trust, storing > encrypted > > documents, signing, integrity, etc) that I should be aware of ? > > > > Hard part is getting something to sign. I have started this project here: > > http://github.com/jchris/canonical-json > > this is a very interesting library @jchris. i'm not sure a canonical representation of a json is absolutely necessary, if you are signing binary base64 data for example. i am interesting in having authentication and authorization to be done with PGP/GPG certificates (to make sure replication works with untrusted nodes). how far have you gotten with parsing/extracting/verifying PGP certificates (you seem to be using the same library i am to parse/extract/verify PGP certificates http://github.com/jchris/canonical-json/tree/master/www.hanewin.net/) ? > (plz ignore the name) > > Chris > > > -- > > f u cn rd ths u cn b a gd prgmr ! > > -- f u cn rd ths u cn b a gd prgmr !
