I believe the _security object should be versioned in order to ease synchronization of the object between databases. This proposal is motivated (unsurprisingly) by BigCouch, which typically stores multiple copies of each database in a multi-master configuration. When the _security object is written in BigCouch the update is issued to all available shards. We run into problems if an update is issued while some shards are unavailable, because we don't know how to synchronize the divergent copies once all the shards are back online.
In my head I see us representing the _security object using a #full_doc_info, just as we would a document. Unlike documents the _security object (or a pointer to it) would still be written in the header of the database for fast access during request processing. I haven't quite decided what I think the API should look like, e.g. whether the full document API (including attachments?) should be supported.

Regards,
Adam