[PATCH] Move the GetSecret, SetSecret and GetSecrets methods.

Stef Walter stef at memberwebs.com
Tue Nov 24 18:42:39 PST 2009


Move to more relevant interfaces, and add secret parameter
to CreateItem.
---
 specifications/Secrets/org.freedesktop.Secrets.xml |   71 ++++++++++---------
 specifications/Secrets/specification.xml           |   34 +++++-----
 2 files changed, 54 insertions(+), 51 deletions(-)

diff --git a/specifications/Secrets/org.freedesktop.Secrets.xml b/specifications/Secrets/org.freedesktop.Secrets.xml
index c580d12..9db94a6 100644
--- a/specifications/Secrets/org.freedesktop.Secrets.xml
+++ b/specifications/Secrets/org.freedesktop.Secrets.xml
@@ -49,14 +49,14 @@
     <!--
      * ======================================================================================
      * SECRET STRUCT
-     * Signature: (sayay)
+     * Signature: (oayay)
      *
     -->
 
     <tp:struct name="Secret">
         <tp:docstring>The Secret type holds a (possibly encoded) secret.</tp:docstring>
-        <tp:member type="s" name="algorithm">
-            <tp:docstring>Algorithm used to encode the secrets value.</tp:docstring>
+        <tp:member type="o" name="session">
+            <tp:docstring>The session that was used to encode the secret.</tp:docstring>
         </tp:member>
         <tp:member type="ay" name="parameters">
             <tp:docstring>Algorithm dependent parameters for secret value encoding.</tp:docstring>
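Review bot: with the `algorithm` string replaced by an object path to the `session`, the `parameters` member's docstring at the end of this hunk still says "Algorithm dependent parameters for secret value encoding" without saying where the algorithm now comes from; suggest "Parameters for the encoding algorithm negotiated for the session", and add to the struct docstring that a Secret can only be decoded while the referenced session object still exists, since the struct no longer carries the algorithm itself.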
@@ -71,7 +71,7 @@
         <tp:member type="o" name="Key">
             <tp:docstring>D-Bus object-path</tp:docstring>
         </tp:member>
-        <tp:member type="(sayay)" name="Value" tp:type="Secret">
+        <tp:member type="(oayay)" name="Value" tp:type="Secret">
             <tp:docstring>A secret</tp:docstring>
         </tp:member>
     </tp:mapping>
@@ -159,6 +159,19 @@
                 </arg>
             </method>
 
+            <method name="GetSecrets">
+                <tp:docstring>Retrieve multiple secrets from different items.</tp:docstring>
+                <arg name="items" type="ao" direction="in">
+                    <tp:docstring>Items to get secrets for.</tp:docstring>
+                </arg>
+                <arg name="session" type="o" direction="in">
+                    <tp:docstring>The session to use to encode the secrets.</tp:docstring>
+                </arg>
+                <arg name="secrets" type="a{o(oayay)}" direction="out" tp:type="ObjectPath_Secret_Map">
+                    <tp:docstring>Secrets for the items.</tp:docstring>
+                </arg>
+            </method>
+
             <signal name="CollectionCreated">
                 <tp:docstring>A collection was created.</tp:docstring>
                 <arg name="collection" type="o">
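Review bot: the new `GetSecrets` does not document what happens when an entry in `items` is locked or does not exist, nor whether such items are simply omitted from the returned `a{o(oayay)}` map or the whole call fails; the removed Session version had the same gap, so this move is the place to state it. The `session` argument's docstring should likewise say what error is raised when the path is not a valid session.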
@@ -240,6 +253,9 @@
                 <arg name="properties" type="a{sv}" direction="in">
                     <tp:docstring>The properties for the new item.</tp:docstring>
                 </arg>
+		<arg name="secret" type="(oayay)" tp:type="Secret" direction="in">
+                    <tp:docstring>The secret to store in the item, encoded with the included session.</tp:docstring>
+                </arg>
                 <arg name="replace" type="b" direction="in">
                     <tp:docstring>Whether to replace an item with the same attributes or not.</tp:docstring>
                 </arg>
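Review bot: the added `<arg name="secret" type="(oayay)" tp:type="Secret" direction="in">` line is indented with a tab while the two lines added below it and the rest of the file use spaces; re-indent to match. Its docstring says "encoded with the included session" while the new `SetSecret` in this same patch says "encoded for the included session"; pick one wording for both.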
@@ -317,6 +333,23 @@
                 </arg>
             </method>
 
+            <method name="GetSecret">
+                <tp:docstring>Retrieve the secret for this item.</tp:docstring>
+                <arg name="session" type="o" direction="in">
+                    <tp:docstring>The session to use to encode the secret.</tp:docstring>
+                </arg>
+                <arg name="secret" type="(oayay)" tp:type="Secret" direction="out">
+                    <tp:docstring>The secret retrieved.</tp:docstring>
+                </arg>
+            </method>
+
+            <method name="SetSecret">
+                <tp:docstring>Set the secret for this item.</tp:docstring>
+                <arg name="secret" type="(oayay)" tp:type="Secret" direction="in">
+                    <tp:docstring>The secret to set, encoded for the included session.</tp:docstring>
+                </arg>
+            </method>
+
         </interface>
 
     </node>
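Review bot: `GetSecret` takes an explicit `session` argument but `SetSecret` does not, relying on the session carried inside the `(oayay)` struct instead; that asymmetry is fine but deserves a sentence in the `SetSecret` docstring. Both docstrings should also say that the method acts on the item object the call is made on, since the removed Session versions took an explicit `item` argument and readers of the old spec will look for it.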
@@ -357,36 +390,6 @@
                 </arg>
             </method>
 
-            <method name="GetSecret">
-                <tp:docstring>Retrieve the secret for this item.</tp:docstring>
-                <arg name="item" type="o" direction="in">
-                    <tp:docstring>The path to the secret we want to retrieve.</tp:docstring>
-                </arg>
-                <arg name="secret" type="(sayay)" tp:type="Secret" direction="out">
-                    <tp:docstring>The secret retrieved.</tp:docstring>
-                </arg>
-            </method>
-
-            <method name="SetSecret">
-                <tp:docstring>Set the secret for this item.</tp:docstring>
-                <arg name="item" type="o" direction="in">
-                    <tp:docstring>The path to the secret we want to retrieve.</tp:docstring>
-                </arg>
-                <arg name="secret" type="(sayay)" tp:type="Secret" direction="in">
-                    <tp:docstring>The secret retrieved.</tp:docstring>
-                </arg>
-            </method>
-
-            <method name="GetSecrets">
-                <tp:docstring>Retrieve multiple secrets from different items.</tp:docstring>
-                <arg name="items" type="ao" direction="in">
-                    <tp:docstring>Items to get secrets for.</tp:docstring>
-                </arg>
-                <arg name="secrets" type="a{o(sayay)}" direction="out" tp:type="ObjectPath_Secret_Map">
-                    <tp:docstring>Secrets for the items.</tp:docstring>
-                </arg>
-            </method>
-
         </interface>
 
     </node>
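Review bot: removing these three methods drops the `org.freedesktop.Secrets.Session.GetSecret`, `GetSecrets` and `SetSecret` linkends; the specification.xml hunk below updates only the "Transfer of Secrets" paragraph, so any other `<link linkend='org.freedesktop.Secrets.Session....'>` in the prose would now dangle and is worth grepping for before merging. Note the removed `SetSecret` carried a copy-paste docstring ("The secret retrieved." on its `in` argument), which the new Item version corrects.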
diff --git a/specifications/Secrets/specification.xml b/specifications/Secrets/specification.xml
index 0e0c0d7..b67d07b 100644
--- a/specifications/Secrets/specification.xml
+++ b/specifications/Secrets/specification.xml
@@ -54,6 +54,10 @@
 			The attributes can be used to lookup and retrieve a secret at a later date. The 
 			lookup attributes are not treated as secret material, and the service may choose 
 			to not encrypt attributes when storing them to disk.</para> 
+
+			<para>This API was desigened by GNOME and KDE developers with the goal of having
+			a common way to store secrets. Its predecessors are the desktop specific APIs
+			used by GNOME Keyring and KWallet.</para>
 		</chapter>
 		
 		<chapter>
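Review bot: the moved paragraph carries the typo "desigened" over unchanged ("This API was desigened by GNOME and KDE developers"); since the lines are being rewritten anyway, fix it to "designed" here (and "desktop specific" to "desktop-specific") rather than in a follow-up.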
@@ -223,32 +227,28 @@
 			<title>Transfer of Secrets</title>
 			
 			<para>To access or store secrets, use the
-			<link linkend='org.freedesktop.Secrets.Session.GetSecret'><function>GetSecret()</function></link>,
-			<link linkend='org.freedesktop.Secrets.Session.GetSecrets'><function>GetSecrets()</function></link>,
-			<link linkend='org.freedesktop.Secrets.Session.SetSecret'><function>SetSecret()</function></link>
-			methods on the session interface.</para>
+			<link linkend='org.freedesktop.Secrets.Item.GetSecret'><function>GetSecret()</function></link>,
+			<link linkend='org.freedesktop.Secrets.Item.SetSecret'><function>SetSecret()</function></link>
+			methods on the item interface, or the
+			<link linkend='org.freedesktop.Secrets.Service.GetSecrets'><function>GetSecrets()</function></link>,
+			method on the service interface.</para>
 
-			<para>Since this is a D-Bus API, the data in all method calls and other accesses
-			in this API will go through multiple processes, and may be cached arbitrarily
-			by the OS or elsewhere.</para>
+			<para>You must specify a session when retrieving or storing a secret. The session
+			controls how the secret is encoded during transfer. Since this is a D-Bus API, the
+			data in all method calls and other accesses in this API will go through multiple
+			processes, and may be cached arbitrarilyby the OS or elsewhere.</para>
 			
 			<para>The Secrets API has provision to encrypt secrets while in transit between 
-			the service and the client application.</para>
-			
-			<para>The encryption is not envisioned to withstand man in the middle attacks, or 
-			other active attacks. It is envisioned to minimize storage of plain text secrets
-			in memory and prevent storage plain text storage of secrets in a swap file or other
-			caching mechanism.</para>   
+			the service and the client application. The encryption is not envisioned to withstand
+			man in the middle attacks, or other active attacks. It is envisioned to minimize
+			storage of plain text secrets in memory and prevent storage plain text storage of
+			secrets in a swap file or other caching mechanism.</para>
 			
 			<para>Many client applications may choose not to make use of the provisions to 
 			encrypt secrets in transit. In fact for applications unable to prevent their own
 			memory from being paged to disk (eg: Java, C# or Python apps), transfering 
 			encrypted secrets would be an excersize of questionable value.</para>
 			
-			<para>This API was desigened by GNOME and KDE developers with the goal of having
-			a common way to store secrets. Its predecessors are the desktop specific APIs
-			used by GNOME Keyring and KWallet.</para>
-
 			<section>
 				<title>Negotiation of Algorithms</title>
 			
-- 
1.6.3.3

