
Re: [saag] PKCS#11 URI slot attributes & last call

2014-12-30 22:12:29
On Tue, Dec 30, 2014 at 5:07 PM, Jan Pechanec <jan(_dot_)pechanec(_at_)oracle(_dot_)com> wrote:
> On Tue, 30 Dec 2014, Nico Williams wrote:
>> As to how to say anything about this, here's what comes to mind:
>>
>>   Given a PKCS#11 URI template [RFC6570], an application MAY support
>>   listing URIs of PKCS#11 resources such that the resulting URIs can
>>   later be used to access the same resources if the template captured
>>   the necessary context.
>
>         I like the use of the templates.  I just quickly read through
> the RFC.  It looks like, for example, when generating a key pair, the
> application could support a default template with empty variables
> which would be used to optionally list a URI based on the
> CK_OBJECT_HANDLE of the generated key pair.  And it could accept a
> different one to override the default.  As mentioned above, I'd like
> to explicitly express that URI list is context specific.  I slightly
> modified the paragraph above:
>
>         When listing URIs of PKCS#11 resources the exact set of
>         attributes used in a URI is inherently context specific.  A
>         PKCS#11 URI template [RFC6570] support MAY be provided by a
>         URI generating application to list URIs to access the same
>         resource(s) again if the template captured the necessary
>         context.

Excellent.

>         I think we wouldn't need to say more about the matter.

Agreed.

Nico