Re: cleaning up keyrings

From: Stef Walter <stef-list memberwebs com>
To: Havoc Pennington <hp redhat com>
Cc: desktop-devel-list gnome org, Bastien Nocera <hadess hadess net>
Subject: Re: cleaning up keyrings
Date: Tue, 28 Aug 2007 22:38:24 +0000 (UTC)

Havoc Pennington wrote:
>  - when do you use "default"/NULL vs. "session" keyring? (I think I've
> asked this before, but I forget)

Use NULL (which automatically maps to the default keyring) when you
don't care what keyring a password is stored in, but you want it stored
for good. In many cases this will be the 'login' keyring which is
automatically unlocked when the user logs into their session.

Use 'session' (this should really be a #define in gnome-keyring.h) when
something should only be stored for the session.

gnome-keyring just got its documentation this cycle (library.gnome.org
doesn't seem to have it yet).

>  - the Gossip patch sets user=havoc.pennington and server=gmail.com
> for my account, but why does it set "server" and not "domain", and
> when would something set "domain"? Is "domain" intended for web
> passwords only?

Domain, as far as I know was intended for windows network shares.

>  - what is the "object" field in gnome-keyring supposed to be for?
> NetworkManager vpn stuff sets it to "password" and "group_password",
> the Gossip patch doesn't use it

This was originally used for the share name in windows network shares,
and I've seen it used for for 'paths' underneath the main hostname.

> Ideally I think we'd allow Gossip and Pidgin to ask something like
> "give me all XMPP accounts on the keyring," I guess that would use the
> "protocol" field? Would the results be sane if Gossip or Pidgin
> "merged" this resulting list of accounts with their own app-specific
> list of accounts? How should that merge be done? What if you delete an
> account in the app's account manager screen?

So what you're really talking about is storing the concept of an
'account' with all related information in gnome-keyring. So far the
focus has been on passwords and secrets. This is certainly possible, but
like you said needs a solid spec to get anywhere. The way current
applications store information in the keyrings just isn't structured
enough.

Cheers,
Stef Walter

Follow-Ups:
- Re: cleaning up keyrings
  - From: Frederic Peters

References:
- cleaning up keyrings
  - From: Havoc Pennington
- Re: cleaning up keyrings
  - From: Bastien Nocera
- Re: cleaning up keyrings
  - From: Havoc Pennington

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]