On Tue, Oct 13, 2009 at 02:27:10AM -0700, Darren J Moffat wrote: > 4.1.2 PKCS#11 URI > > The format of PKCS#11 URI was designed in Sun with possible future > integration into the PKCS#11 standard in mind, and was discussed openly > in the community mailing list. Its format follows. The ordering of > attributes is NOT significant but every attribute can can be used at > most once. > > pkcs11:[token=<label>][;manuf=<label>][;serial=<label>][;model=<label>] > [;object=<label>][;objecttype=(public|private|cert)] > [;passphrasedialog=(builtin|exec:<file>)]
This could be extremely useful in general (for example, in the configuration for software such as pam_pkcs11(5), and pam_krb5(5), with PKINIT). I think you should follow the procedures described in RFC4395 and register this URI scheme, particularly since you call it a URI. The process is rather simple: fill out a form, send it to a specified mailing list, answer questions from an expert reviewer, and you're done. Aside: IMO we should eventually register the SMF/FMA FMRI (particularly when we add remote SMF support), and even IPS pkg URI schemes, once they are sufficiently stable. URI scheme registration costs little, buys us a modicum of protection from potential future conflicts, and helps others understand our URI schemes, should they run into them. Nico --
