XML version of feature plan

George Staikos staikos at kde.org
Thu Dec 5 15:05:05 GMT 2002 

On Wednesday 04 December 2002 19:28, Tim Jansen wrote:
> On Thursday 05 December 2002 00:04, George Staikos wrote:
> >    Propose design. :)  That was my project to start with, and really most
> > of the backend is done, though it needs some major fixes.
>
> I never understood the initial design of kwallet, probably because the
> client API is still missing. But my understanding of the basic idea (based
> on Mozilla's password manager) is:
>
> - you want to save authentication information for URLs
> - for each URL, one or more ways to authenticate ("entries") are managed by
> kwallet
> - each entry has a name, so the user can differentiate them when there is
> more than one entry for a URL
> - each entry has a type that specifies the data stored in the entry. Types
> are:
>   * username+password (for most protocols)
>   * password only (needed for RFB/VNC)
>   * a number of named fields, one of them is the password (for HTML form
> authentication)
> - the app or KIO module that uses kwallet decides the name, type and data
> of the entry

   Yes all of those things of course would be supported.  However I was hoping 
for something even more generic.  I was hoping for a backend which can store 
QDataStream/QByteArray type data, but then having a frontend API for storing 
common things like passwords.  This allows apps to store all kinds of 
sensitive data.  Note:  I need to be able to store X.509 certificate requests 
somewhere and I think this is a good place.  This is yet another reason for a 
very generic backend.

> > What should it look like, where does it hook in, etc?  I have some ideas
> > of what I would like to see, but I need to know what different apps and
> > KIO need.
>
> GUI for KIO modules and most apps:
> - the password dialogs needs a select box that allows the user to select
> one of the password that she has saved for the URL. If you select one of
> the entries, it will fill the username and password inputs of the pw dialog
> with this data
> - when you have entered a username+password, a dialog appears and asks
> whether you want to save this password (options: yes, no, never for this
> server). The username will be taken as name of the entry

    The idea was that this would hook into the existing kde password dialog.  
Dawit?  Any updates here?

> GUI for HTML pages:
> - when you submit a html form that has exactly one password field, show the
> same dialog as above. If the user clicks yes, save all values of the form
> and use the first one as name for the entry.

   Yes this is basically the same as above, but the form stuff needs to be 
handled separately.

> - when the user enters a HTML page that she has saved a password form for
> and the form still exists with the same field names, pre-fill the form for
> her. If there is more than one entry for the URL, ask the user which entry
> to take (and whether to make it the default and forget all other entries -
> the lack of this option really annoys me in Mozilla)

    This is rather straightforward too.

    Now the question is, are you serious about working on the frontend and API 
for this?  If so, I'll dig back into the backend.  I need to fix the crypto, 
finish the passwording, fix a few bugs, etc.  All in all it actually works 
now though.  The only problem is that the backend format/crypto will be 
changing for a while until I get it right.
    
-- 

George Staikos

More information about the kde-core-devel mailing list