On Sep 6, 2010, at 8:50 AM, Wout Mertens wrote: > On Sep 6, 2010, at 17:24 , J Chris Anderson wrote: > >> Also it is worth noting that CouchDB has a builtin authentication system >> that gets this right, and you might just be able to piggyback on it, >> depending on your application: >> >> http://blog.couch.io/post/1027100082/whats-new-in-couchdb-1-0-part-4-securityn-stuff > > So the security model is: > - Admins can do everything on all local databases > - Readers can read the entire database > - Writes can have any model you like with validation functions > > So if you want to segment your database readers you have to segment your > databases. >
Yes. > Furthermore, if you would like to use LDAP authentication, you'd have to use > an LDAP-to-OAuth server. > It should be a very simple patch to add new Erlang authentication handlers for things like LDAP, Kerberos, etc. That might be simpler than adding a bunch of glue to speak OAuth. > Correct? > > Wout.
