On 13 September 2012 08:17, svilen <[email protected]> wrote: > g'day > this is about per-user authentication of replication. (similar to the > thread "App layer on top of replication" but that's not exactly my > use-case). > > imagine a chat-room. each message is a document. each chat room is a > database. no conflicts. Each user can participate in many chat rooms > (=databases) and have them replicated to and from localy, continuosly > (on as many devices he wants). > > the question is: how to make the authentication/security properly? > > so far i'm guessing i should have a separate user-account layer/module > to know who is who on server. > > how to allow users to use only chat-rooms they're registered in? > in case all couchdb-user's credential live in database, and hence are > replicated, that is not usable.. > > how about replication itself? wrap it in some user-authenticated > api-call/url-rewrite (and disable it for external world)? or something > else? > > ciao > svil
Assuming you have a hub node that has all user accounts and a db per chat room, that all external users replicate from/to, you could simply use DB roles. When you join a chat room, you'd need to be added to the role list for that DB (by some process external to couch that knows if you are allowed to access it), and then you could set up replication on the endpoint node. Would that be sufficient? A+ Dave
