[xmlsec] another nss patch
Tej Arora
tejbiz at aol.com
Thu Jul 24 09:24:39 PDT 2003
Andrew Fan wrote:
> Now every thing seems clear and clean. We use NSS slot and certificate
> database. And they are the only two open thing that shared with user on
> top of NSS. User can control slot and certDB in order to get what he
> want. So we can design a key manager with preferences slot list( if slot
> list used) and CertDB. Finding every external key from a slot, and
> importing every iternal created key into a slot, importing every
> internal certificated read from xml document inot CertDB, and validating
> every certificate in a certain certDB. XmlSec do not care how to build a
> slot list and how to manage certDB, users will admin those by
> themselves. That's what I think about.
>
> Andrew
Andrew,
Everything you mentioned above, except the preferences slot list,
is already there in the code checked in.
Specifically:
a) the NSS db IS the cert, crl and key store
b) all certs/keys loaded from external sources (xml doc, file)
are loaded into the NSS db (as temporary objects, except crls
which become permanent objects)
c) users can admin certs/keys/crls directly in/out of nss db
and xmlsec app doesn't have to deal with it if it doesn't
want to
-Tej
More information about the xmlsec
mailing list