Werner Keil wrote on 01/30/12 15:31:
> Looks good.
>
> It seems similar to resource filtering done by common build systems like Maven
> or Ant.
>
> Where is the actual value taken from, or would that be left to each implementation?
The actual value of the password could be stored in some product-specific
location, or it could be provided with the application in some sort of
secure storage facility, e.g., a PKCS#12 keystore file. If there's support
for the general approach, we'll provide more details on the latter (see
the open issues at the end of the paper).