Investigate compliance of loading CKBI multiple times

[JeremyRand]

The pkcs11 spec says that an application shouldn't load the same module multiple times. This poses some interesting questions given our use case. We want to have a CKBI proxy module (or perhaps multiple CKBI proxy modules). Each CKBI proxy module wants to load the CKBI module, and NSS will load CKBI itself once as well. The spec seems to be unclear on whether we can do this. Specific questions:

1. What is the definition of an application? Specifically, if an application A loads modules C and P, and module P then loads module C as well, does this constitute application A loading module C multiple times?
2. What is the definition of a module? Specifically, if an application A opens the module "c1.so" and the module "c2.so", where both files have identical contents and deterministically behave identically, does the different filename cause them to be considered different modules, or are they the same module? What properties besides filename do or do not cause two .so files to be considered different modules?

My Google-fu seems to be failing on this one. Might be easiest to just ask on StackExchange.

[JeremyRand]

FWIW, ncp11 (as of 0465cbb ) proxies to CKBI, and this doesn't seem to cause any problems; Firefox and ncp11 both seem to load CKBI just fine.