gnome-keyring DBus interface model
- From: Stef <stef-list memberwebs com>
- To: gnome-keyring-list gnome org
- Subject: gnome-keyring DBus interface model
- Date: Sat, 21 Feb 2009 17:07:07 +0000 (UTC)
We're talking about implementing a DBus interface for secret storage.
Without getting too much into the details, here are some thoughts that
have come up about the model to use.
* The current gnome-keyring ACL model sucks. It prompts users for
things they cannot possibly make intelligent decisions on.
* Big users of secrets (such as web browsers) probably want their
own namespace to store secrets in. Brought up by Adam.
* Some apps want to store secrets that nobody else can easily
browse through and read.
I'll use 'keyring' below, for lack of a better term for "collection of
secrets locked by a master password".
I was thinking that perhaps we want to implement ACLs along the keyring
lines. That is when creating a new keyring, an application can choose to
have it shared (any application can access secrets) or private (where
any application can see items, but not their secrets).
No ACLs on individual items.
ACLs on keyrings for a private keyring would allow multiple applications.
No prompts for another application trying to access secrets on a private
keyring, just "can't do that".
The above allows a password manager (like seahorse) to function as
expected, but also limits access to secrets where required.
Any other aspects?
Cheers,
Stef
[
Date Prev][
Date Next] [
Thread Prev][Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
