[xmlsec] another nss patch

Tej Arora tejbiz@aol.com
Thu, 24 Jul 2003 09:24:39 -0700


Andrew Fan wrote:

 > Now every thing seems clear and clean. We use NSS slot and certificate
 > database. And they are the only two open thing that shared with user on
 > top of NSS. User can control slot and certDB in order to get what he
 > want. So we can design a key manager with preferences slot list( if slot
 > list used) and CertDB. Finding every external key from a slot, and
 > importing every iternal created key into a slot, importing every
 > internal certificated read from xml document inot CertDB, and validating
 > every certificate in a certain certDB. XmlSec do not care how to build a
 > slot list and how to manage certDB, users will admin those by
 > themselves. That's what I think about.
 >
 > Andrew

Andrew,

Everything you mentioned above, except the preferences slot list,
is already there in the code checked in.
Specifically:
a) the NSS db IS the cert, crl and key store
b) all certs/keys loaded from external sources (xml doc, file)
are loaded into the NSS db (as temporary objects, except crls
which become permanent objects)
c) users can admin certs/keys/crls directly in/out of nss db
and xmlsec app doesn't have to deal with it if it doesn't
want to


-Tej