On Wed, 17 Dec 2014, Nico Williams wrote: >> > hi all, the draft is in the middle of the last call with >> > comments to be sent till Dec 29. There are a few nits to be fixed but >> > we also got two independent inquiries about adding slot attributes. >> > One is internal to Solaris, another is from an engineer who would like >> > to replace some pam_pkcs11 module config attributes with one PKCS#11 >> > URI. One of the attributes there is "slot_description" and apparently >> > it's useful and being used there. >> > >> > I think that having slot attributes is useful. >> > >> > obvious choice is this: >> > >> > pk11-slot-desc = "slot-description" "=" *pk11-pchar >> > pk11-slot-manuf = "slot-manufacturer" "=" *pk11-pchar >> > pk11-slot-id = "slot-id" "=" 1*DIGIT >> > >> >> I don't mind adding "slot-description" and "slot-manufacturer" if someone >> finds them useful but I can't recommend adding "slot-id". I personally > >The cases I've seen where this is useful are ones where the PKCS#11 >provider library provides unified access to multiple types of >slots/tokens, and the application is trying to obtain user credentials >from a user's removable token (smartcard). I agree that if we add slot description and manufacturer attributes, we should add slot ID as well. <...> >I think the descriptions of these slot-specific attributes should be >very explicit about their general unreliability, and they should explain >when they can be useful. agreed. J. -- Jan Pechanec <jan.pechanec@xxxxxxxxxx>