[Authentication] Open Issue: Transient Collections
lemma at confuego.org
Tue Sep 1 03:04:59 PDT 2009
Stef Walter wrote:
> Michael Leupold wrote:
>> Stef Walter wrote:
>>> One thing we haven't covered in the spec is collections that only live
>>> for the user's current desktop login session.
>>> In gnome-keyring we have a 'session' keyring which does this. Do we want
>>> to have something like this in the secrets API? Among other things, it
>>> seems like it would be useful for browsers to create temporary
>> We currently don't have such a feature directly in KWallet but we do
>> have KPasswdServer which caches authentication information for some time
>> (actually not the whole session but less). What are session keyrings
>> used for in GNOME?
> Two reasons:
> * Sharing: Multiple applications can share a secret in the
> gnome-keyring 'session' keyring even though it won't be
> permanently stored.
> * Simplicity: So that GNOME apps can use the same code path for
> both storing secrets long term and short term.
> Also, I can imagine browsers using transient collections for things like
> 'incognito/private' mode, etc...
> Do you think they'd be useful in KDE, perhaps used as a backend for
Yeah, it sounds great for that purpose actually :-)
Actually the only thing that's different from how KPasswdServer currently
stores passwords is the items' lifetimes. But I guess it's enough to keep
that out of the spec and let it be handled by a separate daemon which just
removes the secrets when they expire.
Answering the second mail in one go:
I think a lifetime till logout/suspend/hibernate is alright. The details
should be up to the daemon (and could even be configurable).
I think we could allow several transient collections at the same time,
however we should have one predefined default transient collection similar
to what keyring has (probably with a different name as we already have