Summary | Wallet/Password/Credential management application |
Queue | Horde Base |
Queue Version | HEAD |
Type | Enhancement |
State | Rejected |
Priority | 1. Low |
Owners | Horde Developers (at) |
Requester | m.zdila (at) episoftware (dot) com |
Created | 11/12/2004 (7560 days ago) |
Due | |
Updated | 05/22/2005 (7369 days ago) |
Assigned | 12/07/2004 (7535 days ago) |
Resolved | 04/22/2005 (7399 days ago) |
Milestone | |
Patch | No |
Has the idea of developing a Horde "wallet" ever been kicked around? The idea
would be to allow a user (and/or an admin) to manage credentials for the many
different services they can access online.
It would be the equivalent to an online version of Apple's KeyChain, and would
solve a problem of not requiring that all your passwords need to be the same.
I have a small Horde install at home, running local copies of most of the
services my ISP provides. I could just interface with their mail server
directly but it's POP3 only. So I need to make sure all my accounts match up
from my server at home, with my ISP accounts, which is a pain. And do the same
for my wife. And for my daughter (although she's only in the past week learned
enough to crawl over and bang on the laptop keys ;) And accounts for our
online photo service, etc.
Design would be such that the data would be stored in an encrypted format, with
a user-supplied key (either their horde_pass, or a separate token). If they
supply the right key, they can decrypt their additional credentials and apps
can use them. If you do this right, you don't have to fool around with all the
exceptions that are coded into each module. Sometimes you need to use a hook,
sometimes Auth::getAuth(), sometimes Auth::getBareAuth(), etc. Instead, you
write your code to a) use the contents of the wallet if they are available, or
b) use existing credentials.
Another useful application would be that an admin could set up a default set of
credentials for services that the organization subscribes to. I wrote a portal
block to authenticate to an online training service we subscribe to - one
master userid and password to login there, but I don't want the users to know
what that is. If they authenticate to horde, they can launch the training
modules from the portal. It would be much slicker if each of them had the
credentials in their wallet, (unalterable and viewable by them of course),
because then I could also extend the idea of using Horde Permissions to
selectively provide certain sets of credentials to some users.
The idea of a wallet is sort of already done in the Fetchmail portion of IMP -
you supply information about other accounts you have and you can access mail on
other systems.
I propose a name of illeg ;)
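The encrypted-wallet design sketched in this comment (user-supplied key, decrypt only with the right key, otherwise fall back to existing credentials), worked through in PHP as an added illustration that is not Horde code or the requester's app. The Wallet class, credentialsFor(), the libsodium password-hash plus secretbox construction, and the sample ISP account are all assumptions made here.

```php
<?php
// Added illustration, not Horde code: per-user encrypted wallet following the sketch above.
// Requires PHP >= 7.2 with ext/sodium; names are hypothetical, sample account is constructed.
final class Wallet
{
    // Stretch the user-supplied wallet key (their horde_pass or a separate token) with a salt.
    private static function deriveKey(string $walletKey, string $salt): string
    {
        return sodium_crypto_pwhash(SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $walletKey, $salt,
            SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
    }
    // Seal one service's credentials; the caller stores the opaque blob.
    public static function seal(array $creds, string $walletKey): string
    {
        $salt  = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $key   = self::deriveKey($walletKey, $salt);
        $box   = sodium_crypto_secretbox(json_encode($creds), $nonce, $key);
        sodium_memzero($key);
        return base64_encode($salt . $nonce . $box);
    }

    // Open a blob; a wrong key or a tampered blob yields null (authenticated encryption), never garbage.
    public static function open(string $blob, string $walletKey): ?array
    {
        $raw = base64_decode($blob, true);
        if ($raw === false) return null;
        $s = SODIUM_CRYPTO_PWHASH_SALTBYTES;
        $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
        $key   = self::deriveKey($walletKey, substr($raw, 0, $s));
        $plain = sodium_crypto_secretbox_open(substr($raw, $s + $n), substr($raw, $s, $n), $key);
        sodium_memzero($key);
        return $plain === false ? null : json_decode($plain, true);
    }
}

// The proposal's rule: a) use the wallet if it can be opened, else b) existing credentials.
function credentialsFor(string $service, array $wallet, ?string $walletKey, array $fallback): array
{
    if ($walletKey !== null && isset($wallet[$service])) {
        $creds = Wallet::open($wallet[$service], $walletKey);
        if ($creds !== null) return $creds;
    }
    return $fallback;
}

$wallet   = ['isp-pop3' => Wallet::seal(['user' => 'alice@isp.example', 'pass' => 'p0p3-secret'], 'wallet-key')];
$fallback = ['user' => 'alice', 'pass' => 'horde-pass'];
print_r(credentialsFor('isp-pop3', $wallet, 'wallet-key', $fallback)); // ISP account from the wallet
print_r(credentialsFor('isp-pop3', $wallet, 'wrong-key', $fallback));  // falls back to existing credentials
```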
State ⇒ Rejected
State ⇒ Feedback
that it still needs a *lot* of cleanup in the code, UI, and
documentation, there are a few issues I'd like to discuss:
- I'm not sure if I like the concept of all data being encrypted by a
global password. While I see that this might be necessary for shared
passwords, I personally would never store a password in such a system.
One should at least be able to select a personal or group password
instead of the global one.
- Instead of creating a separate permissions system, Horde's
permissions should be used instead, or even better, the password
groups should be implemented as Horde Shares.
- Horde's Crypt or Cipher API should be used for en-/decryption and
maybe the admin should be able to configure the cipher.
- The password group subscription doesn't make sense to me. If at all,
the groups should be implemented as shares (see above) and selectable
like the shares in other Horde applications. The password list should
simply show all passwords from all selected shares.
State ⇒ Assigned
New Attachment: safe.tar.gz
State ⇒ Accepted
Priority ⇒ 1. Low
Type ⇒ Enhancement
Summary ⇒ new horde application
Queue ⇒ Horde Base
State ⇒ New
is used for storing passwords (password wallet) and supports groups /
sharing of the groups / group subscription. If there is somebody
interested, I can send him that app. It's working, but it needs a code
cleanup :o).