We have here 2 models in our discussion:
Using a 1:1 mapping between objects and endpoints. This requires a cmp() function.
Using the features of L4.sec (local names, endpoints and badges) to implement a capability system in user-level.
I think that is a fair representation of the two branches of the discussion.
So I split the discussion here in two parts. Because we discussed the first model here in DD today, I will start with them. Perhaps I could write some ideas of the second model in the next days....
We use the following copy()-example in our discussion:
A file server implements file-objects and distributes capabilities of them. It offers, for an atomic copy of a block from one file to another, a copy(src, dst) operation. Since both parameters are given by an client in one call, we have the multi-reference problem.
Are there other examples that cause problems?
Beside the need for a cmp() we found in the discussion that this operation needs to be limited. A transparent interpose of different endpoints with a single one is otherwise not possible. Bounding this "cmp()-right" to the receive right of an endpoint seems feasible.
So in summary I can say, we heavily think about, whether we extend our model with a cmp() operation...
Bernhard