From 28ed9f02cd60403d2b1a92c13f1c06058fa58136 Mon Sep 17 00:00:00 2001 From: Michael Leupold Date: Sat, 1 Aug 2009 13:00:19 +0200 Subject: Add params to control toc generation. --- secret-service/params-html.xsl | 34 ++++++++++++ secret-service/specification.xml | 95 ++++++++++++++++++++------------ secret-service/tools/spec-to-docbook.xsl | 6 +- 3 files changed, 97 insertions(+), 38 deletions(-) create mode 100644 secret-service/params-html.xsl (limited to 'secret-service') diff --git a/secret-service/params-html.xsl b/secret-service/params-html.xsl new file mode 100644 index 0000000..5f3fb27 --- /dev/null +++ b/secret-service/params-html.xsl @@ -0,0 +1,34 @@ + + + + + + 3 + 0 + + book toc + part nop + chapter nop + + style.css + ansi + + diff --git a/secret-service/specification.xml b/secret-service/specification.xml index 6301ff8..b631b6f 100644 --- a/secret-service/specification.xml +++ b/secret-service/specification.xml @@ -75,7 +75,7 @@ Secrets may be encrypted when transferred to the client application and vice versa. - The Secret structure encapsulates + The Secret structure encapsulates a secret value along with it's transfer encryption parameters. @@ -105,18 +105,20 @@ The service must prevent locked collections or items from modification. On such an invalid access the - IsLocked + IsLocked error should be raised. Client applications without special requirements should store in the default collection. Use the - DefaultCollection + + DefaultCollection property on the Service interface to determine the default collection. In addition the default collection is always accessible through a specific object path. Client applications with special needs can create a new collection by calling the - CreateCollection() + + CreateCollection() method on the Service interface. A client application must have opened a session before a collection can be created. The 
@@ -126,11 +128,12 @@ private argument when creating a collection. Client applications that demand this feature, should check the the - Private property - after creating a collection to see if the request for a private collection was ignored. + Private + property after creating a collection to see if the request for a private collection + was ignored. A collection can be deleted by calling the - Delete() + Delete() method on the Service interface. A client application must have opened a session before a collection can be created. However the collection does not need to be unlocked. In addition private collections can @@ -167,16 +170,18 @@ between the client application and the service. A session is established by calling the service's - OpenSession() + + OpenSession() method. Once established, a session is bound to calling application's connection to the DBus session bus. Generally only one session can be established per client application. Calling OpenSession() a second time results in an - AlreadyExists + + AlreadyExists error. A session is closed when the client application disconnects from the DBus session bus. Alternatively the client application can call the - Close() + Close() method on the session interface. Once a session is closed all session specific negotiations and authentication should be dropped by the service. @@ -214,13 +219,14 @@ The client application opens a session with the service, and then calls the - - Negotiate() method on that session. The algorithms argument to the + + Negotiate() method on that session. The algorithms argument to the Negotiate() method specifies a set of algorithms to be used together for key agreement and encryption. The other arguments are algorithm specific. If a service does not support a specific set of algorithms, a - NotSupported + + NotSupported error is returned, and the client is free to try another set of algorithms. The plain algorithm is almost always supported. 
@@ -231,21 +237,29 @@ Once an algorithm has been negotiated, it is used for all transfer of secrets between the service and the client application in both directions. Algorithm specific parameters may be transfered with each - secret. + secret.
Algorithm: plain - - Algorithm string: plain - - Negotiate input: empty string - - Negotiate output: empty string - - Secret parameter: empty string - + + + Algorithm string + + Negotiate input + + Negotiate output + + Secret parameter + + + plain + empty string + empty string + empty string + + The plain algorithm does no encryption whatsoever. @@ -256,15 +270,23 @@
Algorithm: dh-ietf1024-aes128-cbc-pkcs7 - - Algorithm string: dh-ietf1024-aes128-cbc-pkcs7 - - Negotiate input: client dh pub key as an array of bytes - - Negotiate output: service dh pub key as an array of bytes - - Secret parameter: 16 byte AES initialization vector. - + + + Algorithm string + + Negotiate input + + Negotiate output + + Secret parameter + + + dh-ietf1024-aes128-cbc-pkcs7 + client dh pub key as an array of bytes + service dh pub key as an array of bytes + 16 byte AES initialization vector + + TODO: Document
@@ -281,7 +303,8 @@ In order to unlock an item or collection a session is established by the client application, and the - BeginAuthenticate() + + BeginAuthenticate() method is called with one or more DBus object paths of items or collections. The BeginAuthenticate() method is asynchronous and may return before the item is actually unlocked. @@ -291,11 +314,13 @@ After the service tries to unlock an item or collection, whether successfully or unsuccessfully, the - Authenticated + + Authenticated() signal on the session interface is emitted. The client application may, but is not required to, call the - CompleteAuthenticate() + + CompleteAuthenticate() method. One or more DBus object paths of items or collections that BeginAuthenticate() was previously called with, can be passed in. The CompleteAuthenticate() returns the items that were successfully authenticated. In addition if the unlock process is not diff --git a/secret-service/tools/spec-to-docbook.xsl b/secret-service/tools/spec-to-docbook.xsl index e37c1a7..1de1f89 100644 --- a/secret-service/tools/spec-to-docbook.xsl +++ b/secret-service/tools/spec-to-docbook.xsl @@ -498,12 +498,12 @@ - - - + - + - + , -- cgit v1.2.3-54-g00ecf
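Review bot: The subject "Add params to control toc generation." describes only the new secret-service/params-html.xsl, while the diffstat shows 95 changed lines in secret-service/specification.xml and 6 in secret-service/tools/spec-to-docbook.xsl. Either split the specification markup changes (re-wrapped references, algorithm descriptions turned into tables) into their own commit, or add a message body that names them, so that a later reader of the log can find where the spec text changed.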
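Review bot: In the specification.xml hunk at "@@ -126,11 +128,12 @@", the Delete() paragraph still reads "A client application must have opened a session before a collection can be created", which looks carried over from the CreateCollection() paragraph in the previous hunk. Since this hunk already touches the Delete() reference, say "deleted" there if that is the intended precondition. The unchanged context line above it also keeps the doubled "check the the", which could be fixed in the same pass as the re-wrapped Private sentence.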
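Review bot: In the Negotiate() hunk at "@@ -214,13 +219,14 @@", the surrounding text says that after NotSupported "the client is free to try another set of algorithms" and then that plain "is almost always supported", with nothing about clients that require transfer encryption. Read together, this steers implementations toward falling back to plain, which a later hunk describes as doing "no encryption whatsoever". Suggest adding a sentence stating that a client which requires encrypted transfer should treat NotSupported as a failure rather than retry with plain.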
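Review bot: The dh-ietf1024-aes128-cbc-pkcs7 section at "@@ -256,15 +270,23 @@" is converted to a table but still ends in "TODO: Document". The table names the client and service DH public keys and the "16 byte AES initialization vector", but nothing says how the AES key is obtained from the key agreement, so the algorithm cannot be implemented interoperably from this text. Please fill in the TODO in this series or track it separately, so the table is not read as the complete definition.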
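Review bot: At "@@ -291,11 +314,13 @@" the signal reference changes from "Authenticated" to "Authenticated()", while the other non-method references touched by this patch (the IsLocked, AlreadyExists and NotSupported errors, the DefaultCollection and Private properties) stay without parentheses and "()" is otherwise used only for methods such as BeginAuthenticate() and CompleteAuthenticate(). If the parentheses on the signal are intentional, a short note on the naming convention would help. Otherwise keep "Authenticated" so a reader does not take it for a callable method on the session interface.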