Future of FLOSS password storages: combined solution soon?

In a recent discussion about the future of KDE’s password manager KWalletManager it was mentioned that it is currently discussed to share a common password manager across all important FLOSS projects. While there is no result yet this is indeed a promising – and necessary – development.

It started with a question by Michael on the list kde-core-devel regarding the possibility to switch KWalletManager’s backend to the Qt Cryptographic Architecture (QCA) entirely. Robert answered that there was indeed discussion going on during FOSSCamp to merge all existing solutions (KDE, GNOME, OpenOffice, Firefox) to make it easier for the user to use these applications, but also to have the ability to sing-sign-on (meaning one login as user, and than automatically login everywhere else), which is a need for modern desktops. Afaik Fedora also has this topic on its radar, and it would surprise me if no one at OpenSuse, which constantly tries to bring these two desktops closer, has already put some thought into that.

While there are no visible results currently the need for such a solution is definitely present: At the moment it can happen that there are multiple programs used to store different keys in one single user session: Firefox on KDE introduces for example a second key storage right besides KWalletManager. Since the Open Source world does not want to force any solution on anyone, it should be possible to switch between Konqueror and Firefox without the need to take care of your passwords.
Technically there is no reason against a shared password storage, but it might tricky to convince the application/desktop developers. On the other hand, if KDE would get a pluggable KWalletManager backend it could even become possible to use the native key storages on other platforms if such APIs exist.


5 thoughts on “Future of FLOSS password storages: combined solution soon?”

  1. A really important point in this whole thing is IMHO the need for a common format how the passwords/etc. are saved, as it doesn’t help when Firefox saves the passwords for a website as entry ‘foo’, while Konqueror uses entry ‘bar’ because it doesn’t know how to handle the data stored by FF in another format.

    This would also give us the chance to support multiple users on the same page as it is IIRC already done by Opera and Firefox.

    – Go to the website of service foo you want to log in
    – Select entry ‘foo’ from the ‘Name’ field
    – The password field is automagically set to the value belonging to user ‘foo’
    – If you decide to switch to entry ‘bar’ from the ‘Name’ field, the password is switched again

    In terms of handling access/read/write access to the central password storage, PolicyKit might come really handy.

    Regards, Elias P.

  2. It is way too early to be blogging about this as “coming soon”. Nothing has been agreed yet. There isn’t even have a solid proposal to put to developers from Gnome, Mozilla, OO.org or other projects.

    Generally speaking, I think it is not a good idea to make a big splash about such things until there is a workable plan and “buy in” from the necessary people.

  3. Can’t come soon enough.

    The first question when I put my wife on Kubuntu? “Why do I keep having to put my password in again and again, when I already logged on to my computer?”

    A good question that should be answerable to any user without resorting to explanations of different file encryption methods…

  4. Robert, I do agree that it can be difficult current development to early. However, the discussion about single-sign-on and shared password storages is already quite old and came up and down several times.
    Therefore, form my perspective, it is probably not the worst idea to show that there is indeed quite some user interest for such a solution.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s