Cornelius Kölbel

@plettich Which CC is it?

We add docs: * in the description within pi.cfg * in the READ-BEFORE-UPDATE * a generic comment * comments in the upgrade steps, where the audit log schema was changed

(incorporated in main top comment) ~~What would be a container?~~ ~~* smartcard~~ ~~* yubikey (actually is a kind of smartcard)~~ ~~* nitrokey (actually is a kind of smartcard)~~ ~~* mooltipass~~...

incorporated in top comment ~~We should not be sure that a content can only be contained in on container. This is the same simple (wrong) assumption like that a token...

Is a container a tokenclass or another entity? * A container is **assigned to a user** * A container could have a **PIN** or password * A container can be...

Incoportated in top comment ~~Containers could be:~~ ~~* SmartcardClass~~ ~~* YubikeyClass(ContainerClass)~~ ~~* SmartphoneClass~~ ~~But "container" sounds too technical. What is a container, is it a "device"?~~

A user actually authenticates with a token, but not with a container / device. So the question is, if these containers (smartcard, smartphone) actually should be located in the token...

2024-01-15 Discuss: Do we need nested containes? See the keyring?

We would also need the resolver, to find the corresponding valu ein the tokenowner table. However, when specifiying the user_id this is fine, since we would not need a resolver-request...

@katgirl for now you could use a number of registration code tokens as backup tokens/codes. You could do this without any further privacyidea code modification. I also confirm with @plettich...