| > Also, the client does NOT know its venus UID, even though it has a
| > token, it can only see the cleartext part, but has no way of
| > validating it. I found this out when working on the hoard stuff.
| ??? When does this apply? vuid is used in permission checking. Is
| this during disconnection?

No, permissions are given to the local uid. The way this is done is a
bit indirect: the server grants permissions to an authenticated
connection, and the client associates the authenticated connection
with a local uid, and the permissions end up for the local uid. When we
consider something like PAGs, permissions would be associated with a
local PAG (or <PAG, uid> tuple).

The vuid is never used inside venus, and cannot be used, as only the
server can verify the validity of the token. If tokens had a
digital signature, so that the client could validate it before accepting,
it _might_ be possible to trust information stored in the token. For now
any (arbitrary) blob of binary data can be given to a client as a token,
and the server is the one that can use information stored in it.

Jan
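
Added example, not part of the message above and not Coda's code: a minimal model of the point made in the reply, in which the client can read a token's cleartext vuid but only the server can verify it, so the client keys the authenticated connection by local uid and treats the token as an opaque blob. The token layout (4-byte vuid plus HMAC-SHA256 tag), the key handling and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SERVER_KEY = os.urandom(32)  # assumption: held by the server only, never by clients
TOKEN_LEN = 4 + 32           # constructed layout: 4-byte vuid + HMAC-SHA256 tag


def server_issue_token(vuid):
    """Server side: cleartext vuid followed by a MAC under the server-only key."""
    clear = vuid.to_bytes(4, "big")
    return clear + hmac.new(SERVER_KEY, clear, hashlib.sha256).digest()


def server_verify_token(token):
    """Server side: return the vuid if the token is authentic, otherwise None."""
    if len(token) != TOKEN_LEN:
        return None
    clear, tag = token[:4], token[4:]
    expected = hmac.new(SERVER_KEY, clear, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return int.from_bytes(clear, "big")


def client_read_cleartext(token):
    """Client side: parses whatever bytes are there; without the key it
    cannot tell a genuine token from an arbitrary blob."""
    return int.from_bytes(token[:4], "big")


class Client:
    """Hypothetical client: authenticated connections are keyed by local uid."""

    def __init__(self):
        self.conn_for_uid = {}  # local uid -> opaque token of its connection

    def bind(self, local_uid, token):
        # Stands in for the server accepting or refusing the connection.
        if server_verify_token(token) is None:
            return False
        self.conn_for_uid[local_uid] = token  # stored, never interpreted
        return True
```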