A common VFS and a Common conf-system [Part II]

[Waldo Bastian]

On Thursday 03 March 2005 10:00, Alexander Larsson wrote:
> You have to do authentication callbacks in the process doing the actual
> i/o request. Otherwise things like gnome-keyring that depend on which
> binary did the request to decide access rights won't work.
>
> Authentication caching is a very complicated issue. When do you cache?
> How long do you cache? Is the cache shared between apps (and how does
> this affect security vs ease of use)? How do you log in as someone else
> when you've already logged in?
>
> One thing that makes authentication caching is the connectionless model
> that e.g. gnome-vfs has. We don't know that there is an "active
> connection" to some ftp server (say, nautilus is displaying it), so we
> can't tie cache lifetimes to a connection. On the other hand, we likely
> want to reuse the connection nautilus uses in e.g. gedit if we click on
> a text file in the nautilus window, so we can't tie the connection only
> to nautilus. I think you'd want a higher level object above the file
> access operations, but slightly less than a full connection object.

Yes, you want to have some notion of "session" fom a user point of view. What 
we have done in KIO is that we (optionally) tie io-requests to the window 
(X11 window id) in which the requests originates (for starters, that way we 
know where to put the authentication dialog) we then keep track of when such 
window gets deleted and flush the authentication data that was associated 
with it.

If there is no window specified we use a short timeout instead.

Cheers,
Waldo
-- 
bastian at kde.org   |   Free Novell Linux Desktop 9 Evaluation Download
bastian at suse.com  |   http://www.novell.com/products/desktop/eval.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/xdg/attachments/20050303/9514a6fe/attachment.pgp