(no commit message)

[devwiki.git] / design / trust-anchor.mdwn

diff --git a/design/trust-anchor.mdwn b/design/trust-anchor.mdwn
index ed0a74d..15a4f93 100644 (file)
--- a/design/trust-anchor.mdwn
+++ b/design/trust-anchor.mdwn
@@ -84,4 +84,39 @@ The server certificate hash field is mutually exclusive with the other fields.
   constraints in the identity provisioning format
 
 * Use the system trust anchor store for user-provisioned identities and
-  do something about naming
+  do something about naminge
+
+## User Web Provisioning Format
+    <identities>
+      <identity>
+        <display-name>Unique Name</display-name>
+        <user>user_name</user>
+        <password>ENCRYPTEDPW</password>
+        <realm>issuer name</realm>
+        <services>
+          <service>xmpp@jabber.project-moonshot.org</service>
+          <service>email@project-moonshot.org</service>
+        </services>
+        <selection-rules>
+          <rule>
+            <pattern>PATTERN</pattern>
+            <always-confirm>true</always-confirm>
+          </rule>
+          <rule>
+            <pattern>ANOTHER_PATTERN</pattern>
+            <always-confirm>false</always-confirm>
+          </rule>
+        </selection-rules>
+        <trust-anchor>
+          <ca-cert>ABCDEFGHIJKLMNOPQRSTUVWXYZ123455678910</ca-cert>
+          <subject>Foo</subject>
+          <subject-alt>Bar</subject-alt>
+          <!-- Or alternatively -->
+          <server-cert>ABCDEFGHIJKLMNOPQRSTUVWXYZ123455678910</server-cert>
+        </trust-anchor>
+      </identity>
+      <identity>
+        <display-name>Another Identity</display-name>
+        <username>another_username</username>
+      </identity>
+    </identities>