I like to use a prefix so that if I have roles I'm using for this aliasing 
feature, they don't get mixed up with roles I'm using for something else. 
The prefix should be unique in your app, but maybe pick something shorter 
than "codename".

Chris

On Friday, October 16, 2015 at 3:00:11 PM UTC-7, Seung Chan Lim wrote:
>
> Ah... roles... Yes, indeed.
>
> It occurs to me that "codename-" prefix is unnecessary.
>
> Am I right?
>
> slim
>
> On Friday, October 16, 2015 at 2:25:19 PM UTC-4, Jens Alfke wrote:
>>
>>
>> On Oct 16, 2015, at 7:14 AM, Seung Chan Lim <djs...@gmail.com> wrote:
>>
>> 1. have users create documents
>> 2. only allow the user that created the document to edit the document 
>> (i.e. in the sync function check the "owner" attribute to be the same as 
>> the authenticated user)
>> 3. allow everyone to see the document (i.e. put it in a "public" channel)
>> 4. hide who created the document from people other than the creator
>>
>>
>> This is tricky. By design, there isn’t any hidden information in 
>> documents. That’s because we support multi-master replication where docs 
>> might pass through multiple servers/peers, so there isn’t just one source 
>> of ‘truth’. I think the best you can do is to *obscure* the creator, so 
>> that it’s possible to tell that two revisions were written by the same 
>> creator without revealing who that creator is.
>>
>> I came up with a clever solution that relies on encrypting the username. 
>> Unfortunately it would require the sync function to decrypt it, but it 
>> isn’t practical to do that because there are no encryption APIs available, 
>> and implementing them in JS in the sync fn would be too slow. :(
>>
>> Then JChris came up with an even more clever solution, and I simplified 
>> it a little bit:
>>
>>
>>    - For every user, pick a secret string as their ‘codename’. It needs 
>>    to be unique, and it needs to be impossible to derive the username from 
>>    the codename.
>>    - Create a role named "codename-"+codename, and grant only that user 
>>    that role.
>>    - The client needs to know the user's codename somehow.
>>    - When a client creates a new document, it adds a property “codename” 
>>    whose value is the user’s codename.
>>    - The sync function then calls requireRole("codename-"+doc.codename)
>>
>>
>> —Jens
>>
>
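
The codename scheme from the list above written out as a sync function, as an added example that is not code from this thread or from Couchbase. The `cn-` prefix value, the `runSync` harness with its stubbed `requireRole`/`channel`, and the sample codenames are assumptions; the tombstone handling and the check that a codename cannot change on update go beyond what the thread states.

```javascript
// Added example. ROLE_PREFIX, runSync and the sample codenames are constructed.
const ROLE_PREFIX = "cn-"; // short, app-unique prefix (assumed value)

// Stand-ins for the built-ins Sync Gateway provides to a sync function.
let requireRole, channel;

// Sync function in the (doc, oldDoc) form Sync Gateway calls.
function sync(doc, oldDoc) {
  // Treat a missing or deleted previous revision as "no previous owner".
  const prev = oldDoc && !oldDoc._deleted ? oldDoc : null;
  // A tombstone may carry no properties, so authorize updates and deletes
  // against the codename already stored, not the one the client sent.
  const owner = prev ? prev.codename : doc.codename;
  if (typeof owner !== "string" || owner === "") {
    throw { forbidden: "missing codename" };
  }
  // Added hardening (not in the thread): the codename cannot be changed.
  if (prev && !doc._deleted && doc.codename !== owner) {
    throw { forbidden: "codename is immutable" };
  }
  requireRole(ROLE_PREFIX + owner);     // only the holder of this role may write
  if (!doc._deleted) channel("public"); // readable by all, no username stored
}

// Local harness (hypothetical): runs sync() as a user holding userRoles.
function runSync(doc, oldDoc, userRoles) {
  const channels = [];
  requireRole = (r) => {
    if (!userRoles.includes(r)) throw { forbidden: "missing role" };
  };
  channel = (c) => channels.push(c);
  try {
    sync(doc, oldDoc);
    return { allowed: true, channels };
  } catch (e) {
    return { allowed: false, reason: e.forbidden };
  }
}

// Constructed sample data: two users, each granted only their own role.
const aliceRoles = ["cn-k3v9q"];
const bobRoles = ["cn-x7m2d"];
const created = { title: "hello", codename: "k3v9q" };
console.log(runSync(created, null, aliceRoles));
console.log(runSync({ title: "edited", codename: "k3v9q" }, created, bobRoles));
console.log(runSync({ title: "mine", codename: "x7m2d" }, created, bobRoles));
console.log(runSync({ _deleted: true }, created, aliceRoles));
```

Only the `sync` function body would go into the Sync Gateway configuration; the rest exists to exercise it locally.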
