On Tue, Feb 9, 2010 at 2:52 PM, Chris Anderson <jch...@apache.org> wrote: > Devs, > > I've been getting a lot of feedback about the authentication & > authorization work that I did over the holidays and over the last few > weeks. There are also some enhancements I've been thinking about for a > while. Here's a quick list of what I see as the important things to > do. I'm not concerned here with releases / feature freeze etc as in my > opinion CouchDB development is expected to continue even after we > reach 1.0. > > 1) Extensible password storage. > > Thanks Brian Candler for the links to the OpenLDAP style of storage. I > think we should do this asap so we don't have to worry about backwards > compatibility with the current storage mechanism until the end of > time. The relevant message: > http://permalink.gmane.org/gmane.comp.db.couchdb.devel/7588
I'm helping Filipe Manana with an implementation of this, which will be backwards compatible with existing admin passwords (stored in config). We won't try to be backwards compatible with old _users dbs (it should be simple to write an upgrade script if you have crucial data). This doesn't need to block 0.11 but it could go in 0.11.1 as it'd be nice to get it out there for people who want better crypto. > > 2) ACLs / Security Object > > I couldn't originally think of a reason the validation funs would need > to see the per-db admins / readers lists. Brian has a use case for > this. Also, I think I can accomplish this feature while also > simplifying the implementation. I'd like to make it so each db has an > /_security object that contains admins and readers (in their current > form, but as fields on the object, not as separate object at different > URLs). This entire object would be made available to the validation > functions. This is done and in trunk. I plan to backport this to the 0.11.x branch unless there are objections. > > 3) More system roles. > > Brian also mentioned something about _user and _anon roles which could > be applied to the userCtx automatically. This would be handy in both > per-db access control and in validation functions. This will be a bit > harder to implement as it touches more of the codebase. I'm also > uneasy about these roles as they raise the burden for implementors of > pluggable authentication modules. > > Going forward we maybe want to add a _replicator role (or maybe that's > a horrible idea). We should also think about making it possible for > _admins to interact with the database without the _admin role. They > could trigger admin actions with something like sudo. I want to put > this off for now, because it's complicated and worse-case scenario is > people don't realize they need to "sudo" to get things done, and come > away thinking CouchDB is fighting with them. we can punt on this for 1.0, it won't break backward compat to add it later > > 4) _temp_views and _all_dbs (maybe more) > > Regardless of whether the above is done, for 1.0 we should clean up > any bugs like these. > Please file tickets (especially with JavaScript test cases) if you find anything that needs fixing for 1.0. These are important bugs to fix but they don't need to block 0.11 > 5) drop box > this can happen after 1.0 Thanks, Chris -- Chris Anderson http://jchrisa.net http://couch.io
