From: Michael Albinus <michael.albinus@gmx.de>
To: Ted Zlatanov <tzz@lifelogs.com>
Cc: ding@gnus.org
Subject: Re: tzz-auth-source-rewrite branch
Date: Sun, 06 Feb 2011 21:36:32 +0100 [thread overview]
Message-ID: <87r5bkc33j.fsf@gmx.de> (raw)
In-Reply-To: <87lj1tt0u4.fsf@lifelogs.com> (Ted Zlatanov's message of "Sun, 06 Feb 2011 13:33:23 -0600")
Ted Zlatanov <tzz@lifelogs.com> writes:
> MA> `secrets-search-items' returns already a list of results. It is slow to
> MA> get all attributes and secret strings of the items sequentially;
> MA> unfortunately there is no D-Bus method to get them in a bunch (for
> MA> several items at once).
>
> I'll leave it that way for now because it will be cached, but that seems
> like a painful limitation long-term.
Yes. I'll grab whether we could do it better.
> Am I correct in assuming that substring/regex searches on the attributes
> are not possible?
Yes. The Secret Service API claims:
"During a lookup, attribute names and values are matched via
case-sensitive string equality."
> MA> I've changed `auth-source-secrets-search' such a way that it does not call
> MA> `secrets-get-secret', this call is moved to the returned function. This
> MA> should reduce the number of D-Bus calls in
> MA> `auth-source-secrets-search'.
>
> Yes, but now every time the user wants the secret they will get a
> surprise call and caching won't work. So I would prefer to call
> `secrets-get-secret' early. I left that bit out of the patch, I hope
> you don't mind.
No problem. Mid-term, we could improve the returned function to
check/add caches as well.
> MA> This is a disadvantage of the Secret Service API (IMO): it defines
> MA> access methods for the storage, but it does not define default
> MA> keys/attributes. Every application is free to use its own
> MA> attributes. For reuse of existing, we must either do some assumptions,
> MA> or we must inspect which attributes are already used, and apply them.
>
> I think we should support the Google Chrome schema, at least:
>
> username_value => user
> origin_url => protocol (using the protocol piece of the URL) and host
> (using the host piece)
>
> Those values won't work for creation (meaning we won't be able to create
> valid Chrome entries without user assistance), but at least there's a
> good chance that the user can reuse their Chrome passwords. Is that
> reasonable? Do you know of any other software that has its own schema
> like Chrome does?
Once I've heard that Firefox will use it as well. I haven't seen it.
I know that it is used by Nautilus, UbuntuOne, Desktop Couch, Deja Dup
backup, some IRC clients, ...
Open your seahorse client, and have a look on it.
> Ted
>
> p.s. Sorry about the multiple merge and commit messages on this branch.
No problem. That's why we have git :-)
Best regards, Michael.
next prev parent reply other threads:[~2011-02-06 20:36 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <E1PlOrx-0002M3-00@quimby.gnus.org>
2011-02-04 16:55 ` [gnus git] branch tzz-auth-source-rewrite created: =0= Ted Zlatanov
2011-02-06 14:59 ` tzz-auth-source-rewrite branch (was: [gnus git] branch tzz-auth-source-rewrite created: =0=) Ted Zlatanov
2011-02-06 17:05 ` tzz-auth-source-rewrite branch Lars Ingebrigtsen
2011-02-07 20:47 ` Ted Zlatanov
2011-02-08 22:28 ` Ted Zlatanov
2011-02-09 21:36 ` Ted Zlatanov
2011-02-14 3:28 ` Lars Ingebrigtsen
2011-02-14 3:28 ` Lars Ingebrigtsen
2011-02-14 15:03 ` Ted Zlatanov
2011-02-14 17:58 ` Andreas Schwab
2011-02-06 18:38 ` Michael Albinus
2011-02-06 19:33 ` Ted Zlatanov
2011-02-06 20:36 ` Michael Albinus [this message]
2011-02-07 18:14 ` Ted Zlatanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r5bkc33j.fsf@gmx.de \
--to=michael.albinus@gmx.de \
--cc=ding@gnus.org \
--cc=tzz@lifelogs.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).