Re: gnome-keyring ACL Support
- From: Anders Rundgren <anders rundgren telia com>
- To: Stef Walter <stefw collabora co uk>
- Cc: gnome-keyring-list gnome org
- Subject: Re: gnome-keyring ACL Support
- Date: Sun, 05 Dec 2010 07:50:15 +0100
Stef Walter wrote:
> On 2010-12-01 11:53, Anders Rundgren wrote:
>> As a creator of secure server applications using JBoss and TomCat, I get
>> frustrated by managing gazillions of keystores scattered over the machines.
>> Gnome Keyring could help but IMO there is still one thing missing and
>> that's a way to get rid of all the passwords littering various "config"
>> files.
>
> I haven't given server side secure storage that much thought, but have
> you taken a look at the secret service spec?

Hi Stef,
Yes, I have skimmed it at least. I believe (could be wrong) it has a different
goal than the ACL scheme I propose since my wish is to get away from passwords
altogether for server-applications using keys.
Having talked to banks I also see that doing access control for keys
based on operating system information (calling application) would be useful.
I expect this to eventually be a feature in most mobile operating
systems, otherwise you must use rather discriminating security
models for apps, alternatively letting each app have their open
private key-store. The latter would make provisioning and management
a nightmare or require that every app has such stuff built-in.
I realize that this would be a major revision and IMO it would be
useless on its own; it must be accompanied by other tools, otherwise
it is probably just a waste of precious development cycles.
See it as a discussion :-) If nobody is interested I will not
push it, but maybe try to add it to Android.
Severely lagging project of mine:
http://android-keystore-v2.webpki.org
The plan has been completely revised based on stuff like above.
Cheers,
Anders
> Cheers,
> Stef