donp.org/blogtagtreeThe sublime abiding.
IceCondor, CouchDB, and GnuPG
Don Park

if this project is going to go anywhere, the scalability of the server needs to have some kind of solution. CouchDB is an erlang app. Erlang is, from what Ive read, the best possible platform to use for a web service. Highly parallel, fault tolerant. Each icecondor client will communicate directly to a couchdb server. The client can point its reads and writes to one or more servers which the user will define with a URL. CouchDB uses a map-reduce system, which is the power behind google's search engine.

CouchDB has some kind of write access control (im not too concerned about read control, see below) though I dont understand it fully. Authentication can be handled with a javascript method on couchdb. It might even be able to do OAUTH that way. As far as read access control, I woke up this morning thinking all couchdb data would be world-readable and a GPG web of trust could be used to encrypt the data. First tie a URL to a GPG public key, perhaps with an XRDS discovery entry. The client would have the public and private keys of the user. Next, sign every record before pushing to the server. That means the data can be duplicated across servers even in different organizations and the authenticity of the record can be validated by a third party. Signing a cleartext record would mean my location updates could be validated and be available to anyone. The phone has a friends list including their public keys and updates could be encrypted to any number of that list of friends. Any one of those keys is enough to decrypt the data. If a new friend is added, historical records will still not be available to the new person. If a friend is removed, past updates will still be available. That may be acceptable.

I think in terms of middleware. An application on an application server in between the client(s) and the database(s). This is different. I like the idea of direct pushes to couchdb. Its easy for anyone to setup their own storage engine and the replication comes for free. A server will still exist, with its own web interface for the web-browsing public, that communicates with couchdb for web-based reports, large scale dataprocessing, etc., remote client configuration, account management, etc..

tags: