cleaning up keyrings



Hi,

Looking for pointers to people working on the following or who have
had ideas on the following.

When doing "create new account, use desktop from scratch" tests, you
quickly notice you're typing the same password a bunch of times (e.g.
gmail in browser, gmail/calendar in bigboard, gtalk in pidgin or
gossip).

John Markoff recently did an impromptu Online Desktop using a live CD:
http://bits.blogs.nytimes.com/2007/08/24/why-cant-we-compute-in-the-cloud-part-2/

a quote from that: "I found the only things I was missing were the
passwords to online databases and my files of past reporting notes and
articles which I occasionally refer to."

Anyway, I'm thinking about how to clean up the password-storage situation.

Here is the current situation:
 - Pidgin just sticks passwords in plain text in app-specific XML files
 - Gossip does the same thing, plain text in XML files
 - Firefox has its whole own thing; though they have plans to use the
Keychain on OS X, they are not planning to use gnome-keyring, according
to a possibly-outdated wiki page:
http://wiki.mozilla.org/Firefox:Password_Manager
 - BigBoard puts things in gnome-keyring

Looking in gnome-keyring-manager, there's barely anything in there.
All I have in mine is BigBoard and NetworkManager's VPN feature.
(NetworkManager doesn't put WEP keys in there, though, apparently?)

Looking at gnome-keyring-manager does hint at one problem, though;
gnome-keyring is too "policy free" and free-form. It provides a shared
password facility, but no real guideline for _how_ to store the
passwords or how to find the password for a particular thing or
particular site.

The Apple Keychain API is of interest if Firefox is going to try to
work with that, so here it is for reference:
http://developer.apple.com/documentation/Security/Conceptual/keychainServConcepts/index.html

Here is what I think we need:
 - some specification of how to store passwords in gnome-keyring, i.e.
what goes in the fields like "server" and "object" if I have a random
XMPP account, AIM account, web site password, and other typical cases.
Also, firefox stores the name="" attributes from the username and
password input fields, where do those go?
 - this spec has to support the "account manager" type UI in the IM
clients, where you can create N accounts and specify the
login/password for each
 - fix BigBoard to use the spec
 - fix the IM apps to use the keyring
 - fix Firefox to use the keyring, or at least let apps query Firefox
password manager storage
 - have some mechanism for "smart deductions," like "I can guess you
have an XMPP account that matches your google.com username/password" -
maybe this just has to be in the apps, not sure

I just started thinking about this today, so let me know what's missing.

Havoc
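Added illustration (not part of the mail above, and not gnome-keyring's own code): an in-memory stand-in for the keyring that models the "network password" item fields the mail mentions ("server", "object", plus user, domain, protocol, authtype, port). It shows one possible convention for what an IM account, an AIM account and a web form login each fill in, how a partial attribute match lets any app find the right item, where Firefox's form field names could go as extra attributes, and how a "smart deduction" can propose a derived account without copying a secret until the user confirms. The required-field rule, the extra attribute names (`form_user_field`, `form_password_field`) and the deduction table are constructed assumptions for this example; the sample accounts are made up.

```python
from dataclasses import dataclass
from itertools import count

# Field names of gnome-keyring's "network password" item type. Which of them
# each kind of account must fill in (REQUIRED) is an assumed convention for
# this example, not a published gnome-keyring specification. Any further
# attributes (e.g. the form field names a browser saves) are allowed as extras.
NETWORK_FIELDS = ("user", "domain", "server", "object", "protocol", "authtype", "port")
REQUIRED = ("user", "server", "protocol")


@dataclass
class Item:
    item_id: int
    label: str
    secret: str
    attributes: dict


class Keyring:
    """Attribute-indexed secret store; a stand-in for the daemon, no persistence."""

    def __init__(self):
        self._items = []
        self._ids = count(1)

    def store(self, label, secret, **attributes):
        missing = [f for f in REQUIRED if not attributes.get(f)]
        if missing:
            raise ValueError(f"missing required attributes: {missing}")
        # Replace an item with identical attributes rather than accumulating
        # duplicates, which is what makes a free-form keyring unsearchable.
        self._items = [i for i in self._items if i.attributes != attributes]
        item = Item(next(self._ids), label, secret, dict(attributes))
        self._items.append(item)
        return item.item_id

    def find(self, **attributes):
        """Items whose attributes contain every given key/value pair."""
        return [i for i in self._items
                if all(i.attributes.get(k) == v for k, v in attributes.items())]

    def find_one(self, **attributes):
        hits = self.find(**attributes)
        if len(hits) != 1:
            raise LookupError(f"{len(hits)} items match {attributes}")
        return hits[0]


# Constructed deduction rule: a web login on the left may back an account of
# the kind on the right. The application only proposes the candidate; it does
# not store a secret under the new attributes until the user confirms.
DERIVED_ACCOUNTS = {
    ("https", "google.com"): {"protocol": "xmpp", "server": "talk.google.com",
                              "domain": "gmail.com"},
}


def suggest_accounts(keyring):
    """Propose accounts implied by stored web logins that have no item yet."""
    suggestions = []
    for item in keyring.find(protocol="https"):
        template = DERIVED_ACCOUNTS.get(("https", item.attributes["server"]))
        if template is None:
            continue
        candidate = dict(template, user=item.attributes["user"])
        if not keyring.find(**candidate):
            suggestions.append(candidate)
    return suggestions


def demo():
    """Populate a keyring with constructed sample accounts for the cases above."""
    kr = Keyring()
    # Web site login, keeping the browser's form field names as extra attributes.
    kr.store("Gmail", "s3cret-web", user="havoc", server="google.com",
             protocol="https", object="/accounts/ServiceLogin",
             form_user_field="Email", form_password_field="Passwd")
    # Two IM accounts of the "account manager" kind, one per protocol.
    kr.store("AIM", "s3cret-aim", user="havoc42", server="login.oscar.aol.com",
             protocol="aim", port="5190")
    kr.store("Work XMPP", "s3cret-xmpp", user="havoc", domain="example.org",
             server="xmpp.example.org", protocol="xmpp")
    return kr


if __name__ == "__main__":
    kr = demo()
    print(kr.find_one(protocol="https", server="google.com").label)
    print(suggest_accounts(kr))
```

The lookup deliberately matches on a subset of attributes, so an IM client can ask for `protocol="xmpp"` and list every account, while a browser asks for `protocol="https", server=...` and gets exactly one item; the required-field check is what turns the "policy free" store into something both kinds of app can search.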


