On Mon, Jul 29, 2013 at 6:13 AM, Jason Smith <[email protected]> wrote:
> Thanks, Jim. That is basically my plan. To be clear, I would ship
> "outsourced mode" (browserid.org hosted JavaScript and verification)
> in a CouchDB release. It's just that I would work to get "tinfoil hat
> mode" added in for a subsequent release. Outsourced mode already
> exists (modulo a rewrite and unit tests) as a plugin, but I want to
> merge it in.

Running the verification inside CouchDB is very sane. It looks like local verification will be the recommended approach anyway in the near future.

> I am not sure if I understand you exactly. Persona is a three-party
> protocol between users, relying parties (RPs) and identity providers
> (IdPs). I am talking about RP support for CouchDB. AFAIK there is a
> bit of mere-mortal crypto to do but it does not require IdP support.

Your tinfoil hat mode is a bit weird. If you're doing disconnected operation, you can only connect to Identity Providers inside the LAN, so general RP support becomes impossible, so it's a pretty crippled setup.

Cheers,

Dirkjan
