On Fri, 2005-10-14 at 16:12 +0200, Marcus Brinkmann wrote: > At Thu, 13 Oct 2005 22:04:20 -0400, > "Jonathan S. Shapiro" <[EMAIL PROTECTED]> wrote: > > > > REVOCABLE COPY > > > > L4 EROS/Coyotos Notes > > Primitive? Yes No [1,6] > > Delegatable revocation? No Yes [3] > > Just as a side note, _if_ you can make a copy of your capability, you > could delegate the revocation right in L4 by deriving the revocable > copy from your own copy, and then grant your copy to some other > process.
This allows transfer of delegation authority, but not sharing of delegation authority. This violates uniformity of mechanism: why should this one right have this funny restriction when everything else operates consistently? The solution is to make the wrapping object (which exists implicitly in L4 in the form of the database node) explicitly named by a capability, but I think this would require a substantial re-think of L4sec's current design. I shall answer the remainder of your note in a little while -- I need to run out. shap _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
