[Espen Skoglund]
> [Espen Skoglund]
>>> Given such a CapServer, the initial part of the protocol remains
>>> similar:
>>>   STEP                           EFFECT ON SYSTEM STATE
>>>   [Initially]                    CapServer has Cap.1
>>>                                  A has Cap.1..x.1
>>>     RevCopy(Cap.1..x.1)
>>>   A --------------> CapServer    CapServer has Cap.1..x.1.1
>>>     [Intention: A is saying: I authorize CapServer to create
>>>      capabilities that are co-equal to mine]
>>>   CapServer ------> A            [none: CapServer is returning]
>>>     RevCopy(Cap.1..x.1)
>>>   A --------------> B            B has Cap.1..x.1.2
>>>     RevCopy(Cap.1..x.1.2)
>>>   B --------------> CapServer    CapServer has Cap.1...1.2.1
>>>     ??MagicOp??(Cap.1...x)
>>>   CapServer ------> B            [B has Cap.1..x.2]
>> Since CapServer knows that Cap.1..x.1.1 is identical to Cap.1, it can
>> perform the following last step:
>>     RevCopy(Cap.1)
>>   CapServer ------> B            B has Cap.1.y
> Sorry. You actually want to make sure that
> "B has Cap.1..x.1"
> right. My fault. Too quick to answer. Will have to get back to
> this one after a little thinking.
Just did a LITTLE thinking, and I have a question about what we REALLY
want here: Do we really want what I just stated? Or in other words:
Does B really want to trust the hierarchy between "Cap.1" and
"Cap.1..x" to not perform any revocation?
If the answer is NO then it seems to me that what we actually want is:
"B has Cap.1.y"
Comments?
eSk
_______________________________________________
L4-hurd mailing list
http://lists.gnu.org/mailman/listinfo/l4-hurd
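
The trust question raised in this message can be made concrete with a small model of a derivation tree. This is an added example, not code from the thread or from L4/Hurd; it assumes that RevCopy creates a child node in the derivation tree and that revoking a capability invalidates everything derived from it, and the intermediate holders `M` and `X` standing in for the elided chain "Cap.1..x" are hypothetical.

```python
class Cap:
    """One node of a capability derivation tree (simplified model)."""

    def __init__(self, name, holder, parent=None):
        self.name, self.holder, self.parent = name, holder, parent
        self.children, self.valid = [], True
        if parent is not None:
            parent.children.append(self)

    def rev_copy(self, holder, suffix):
        """Derive a revocable child capability for `holder` (assumed RevCopy semantics)."""
        if not self.valid:
            raise PermissionError(f"{self.name} has been revoked")
        return Cap(f"{self.name}.{suffix}", holder, parent=self)

    def revoke(self):
        """Invalidate everything derived from this capability (not the capability itself)."""
        for child in self.children:
            child.valid = False
            child.revoke()

    def trusted_holders(self):
        """Holders of all strict ancestors: each of them can revoke this capability."""
        node, holders = self.parent, []
        while node is not None:
            holders.append(node.holder)
            node = node.parent
        return holders[::-1]


def build_scenario():
    # Constructed instance of the elided chain "Cap.1..x": Cap.1 -> Cap.1.m -> Cap.1.m.x
    root = Cap("Cap.1", "CapServer")
    mid = root.rev_copy("M", "m")       # hypothetical intermediate holder M
    cap_x = mid.rev_copy("X", "x")      # hypothetical intermediate holder X
    a_cap = cap_x.rev_copy("A", 1)      # "A has Cap.1..x.1"
    # Outcome 1, "B has Cap.1..x.1": B sits at the same tree position as A.
    b_coequal = Cap(a_cap.name, "B", parent=cap_x)
    # Outcome 2, "B has Cap.1.y": B's capability hangs directly off Cap.1.
    b_direct = root.rev_copy("B", "y")
    return root, mid, a_cap, b_coequal, b_direct


if __name__ == "__main__":
    root, mid, a_cap, b_coequal, b_direct = build_scenario()
    print("co-equal outcome depends on:", b_coequal.trusted_holders())
    print("Cap.1.y outcome depends on: ", b_direct.trusted_holders())
    mid.revoke()  # an intermediate holder between Cap.1 and Cap.1..x revokes
    print("after M revokes:", a_cap.valid, b_coequal.valid, b_direct.valid)
```

In this model the co-equal outcome leaves B exposed to revocation by every holder between Cap.1 and Cap.1..x, while the Cap.1.y outcome leaves B dependent only on the holder of Cap.1.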