I'd like to establish a standard URI based naming scheme that allows fully referencing any object stored in a PKCS#11 token by name.
There are multiple possible URI schemes that could do this, with the simplest being the following:

Proposal 1: Simple Positioning
------------------------------

  pkcs11:[<token label>]:[<manuf>]:[<model>][<serial>]:<object label>

eg:
  pkcs11::::MyFooKey
  pkcs11:Sun Softtoken::::SignKey
  pkcs11:Exam 456:Example Co Inc:Super2000:A435F32:HostFooSSLKey

The downside to that simple scheme is the multiple colons make it too easy to make a mistake.

Proposal 2: Named valued
------------------------

  pkcs11:[;token=<label>][;manuf=<label>][;serial=<label>][;model=<label>][;object=<label>]

eg:
  pkcs11:object=MyFooKey
  pkcs11:token=Sun Softtoken;object=SignKey
  pkcs11:token=Exam 456;manuf=Example Co Inc;model=Super2000;serial=A435F32;object=HostFooSSLKey

I'd like some discussion on this. I don't personally see a need for the slot name to be specified here but I wouldn't object to it being added in. I also haven't purposely added any ability to specify the PIN, however specifying whether a login is expected or not might be useful.

--
Darren J Moffat
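
The following is an added example, not part of the original message: a strict parser and resolver for the Proposal 2 (named value) form. The function names, the error class, the rule that a name must match exactly one object, and the sample object list are assumptions made for illustration; the proposal defines no escaping, so labels containing ';' cannot be expressed here.

```python
ALLOWED = ("token", "manuf", "serial", "model", "object")  # attributes from Proposal 2


class PKCS11NameError(ValueError):
    """Raised for malformed or ambiguous names (hypothetical error type)."""


def parse_pkcs11_name(uri):
    """Parse 'pkcs11:key=value;key=value' into a dict of attribute -> label."""
    scheme, sep, rest = uri.partition(":")
    if sep != ":" or scheme != "pkcs11":
        raise PKCS11NameError("not a pkcs11: name")
    attrs = {}
    for part in rest.split(";"):
        if part == "":
            continue  # tolerate the leading ';' shown in the grammar
        key, eq, value = part.partition("=")
        if eq != "=" or value == "":
            raise PKCS11NameError(f"malformed attribute {part!r}")
        if key not in ALLOWED:
            # Anything outside the proposal (a PIN, for instance) is refused.
            raise PKCS11NameError(f"unknown attribute {key!r}")
        if key in attrs:
            raise PKCS11NameError(f"duplicate attribute {key!r}")
        attrs[key] = value
    return attrs


def resolve(uri, objects):
    """Return the single object whose fields equal every attribute in the name."""
    attrs = parse_pkcs11_name(uri)
    hits = [o for o in objects if all(o.get(k) == v for k, v in attrs.items())]
    if len(hits) != 1:
        # Zero or several matches: refuse rather than pick a key silently.
        raise PKCS11NameError(f"{len(hits)} objects match {uri!r}, expected 1")
    return hits[0]


# Constructed sample inventory: two tokens that both hold an object "SignKey".
SAMPLE_OBJECTS = [
    {"token": "Sun Softtoken", "object": "SignKey"},
    {"token": "Exam 456", "manuf": "Example Co Inc", "model": "Super2000",
     "serial": "A435F32", "object": "SignKey"},
    {"token": "Exam 456", "manuf": "Example Co Inc", "model": "Super2000",
     "serial": "A435F32", "object": "HostFooSSLKey"},
]
```

With this inventory, pkcs11:object=SignKey is rejected as ambiguous, while adding token=Sun Softtoken narrows it to one object.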