On Tue, 2005-10-18 at 19:15 +0200, Marcus Brinkmann wrote: > > Please name a capability that does not require this management? > > All capabilities that are "single revocable copy only", ie, which are > mapped, but for which the receiver does not need (nor should) be > allowed to retrieve a copy.
I agree. And we have previously established that we need to understand how often this occurs in practice, and I have promised to describe where this pattern is used in EROS/KeyKOS. > The only operation that the receiver can perform is to pass this > capability to another server as a form of authentication. The question at hand concerns interaction with the cap server, and is orthogonal to authentication. The general pattern is any place where the sender transmits a capability that they wish to be able to selectively revoke later. I do understand that authentication tokens are an example of where this operation might be used. shap _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
