constraints in the identity provisioning format
* Use the system trust anchor store for user-provisioned identities and
- do something about naming
+ do something about naminge
+
+## User Web Provisioning Format
+ <identities>
+ <identity>
+ <display-name>Unique Name</display-name>
+ <user>user_name</user>
+ <password>ENCRYPTEDPW</password>
+ <realm>issuer name</realm>
+ <services>
+ <service>xmpp@jabber.project-moonshot.org</service>
+ <service>email@project-moonshot.org</service>
+ </services>
+ <selection-rules>
+ <rule>
+ <pattern>PATTERN</pattern>
+ <always-confirm>true</always-confirm>
+ </rule>
+ <rule>
+ <pattern>ANOTHER_PATTERN</pattern>
+ <always-confirm>false</always-confirm>
+ </rule>
+ </selection-rules>
+ <trust-anchor>
+ <ca-cert>ABCDEFGHIJKLMNOPQRSTUVWXYZ123455678910</ca-cert>
+ <subject>Foo</subject>
+ <subject-alt>Bar</subject-alt>
+ <!-- Or alternatively -->
+ <server-cert>ABCDEFGHIJKLMNOPQRSTUVWXYZ123455678910</server-cert>
+ </trust-anchor>
+ </identity>
+ <identity>
+ <display-name>Another Identity</display-name>
+ <username>another_username</username>
+ </identity>
+ </identities>