Secret Store and NSL
Novell Cool Solutions: Question & Answer
Q:
Secret Store is using attributes to store password/username information
instead of the local user profile to allow the user to travel anywhere
and keep the username/passwords available. Is that correct?
A:
No, not really.
Let's look at NSL first. It uses a set of attributes to hold the scripts, IDs, passwords, and configuration. These are encrypted and stored in the user object. The client decrypts the attributes when it reads them. No other software has the ability to read these attributes, so they cannot be shared with other applications.
SecretStore is also an attribute attached to the user. However, it is only accessible from the server by making an API call. This means that software must be installed on servers (not all, but many; watch out for this in the design). The SecretStore is encrypted using NICI and is decrypted twice, once at the server and once at the workstation, before it can be used. Other systems (iChain, Novell Portal Services, etc.) can also read these attributes, and there is a published API that allows other applications to update a user's details should this be required. There is also an option to allow the password store to be unlocked should a user forget the password and passphrase.