Rights Amplification

Neal H. Walfield neal at walfield.org
Fri Jun 10 15:59:10 CEST 2005


At Fri, 10 Jun 2005 15:38:27 +0200, Bernhard Kauer wrote:
> There is a grant problem. If a client X grants an object to Y and X dies,
> this does not mean that the reference to the object is released...

Of course it does: X died and, as a result, the reference monitor gets a
task death notification.  If Y required the object beyond X's death,
it should have gotten its own reference, but that is a different
problem.

> > > > Situation:  S -> C -> (1 reference) A -> B
> > > > 
> > > > 
> > > > Goal:             /-> (1 reference) A
> > > >             S-> C
> > > >                   \-> (1 reference) B
> > > > 
> > > 
> > > In your scenario both clients A and B have to cooperate with C
> > 
> > C needn't trust either A or B.
> 
> If client A asks the server C to map something it already has, from C to a
> client B, only the clients have to trust C to provide this service. 
> The server C needn't trust its clients for this operation...

Right, that's the point.  C is part of A and B's TCB; C does not trust
either A or B.
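
Added example, not part of the original message and not L4 or Hurd code: a toy Python model of the bookkeeping discussed in this thread, comparing the "Situation" diagram (A passes the object to B) with the "Goal" diagram (A asks C to map it to B). The class, its method names, and the rule that a client-to-client grant leaves B dependent on A's reference are assumptions made for illustration.

```python
class ReferenceMonitor:
    """Toy model of server C's bookkeeping for one object (constructed example)."""

    def __init__(self):
        self.refs = {}     # client -> references C itself handed out
        self.derived = {}  # client -> client it got the object from (model only)

    def acquire(self, client):
        self.refs[client] = self.refs.get(client, 0) + 1

    def client_grant(self, src, dst):
        # "Situation": A passes the object to B; B has no reference of its own.
        if not self.has_access(src):
            raise PermissionError(f"{src} has nothing to pass on")
        if not self.has_access(dst):  # already reachable: nothing to add
            self.derived[dst] = src

    def map_to(self, requester, target):
        # "Goal": A asks C to map the object to B. C consults only its own
        # table, so it does not have to trust what either client claims.
        if self.refs.get(requester, 0) == 0:
            raise PermissionError(f"{requester} holds no reference")
        self.acquire(target)

    def has_access(self, client):
        if self.refs.get(client, 0) > 0:
            return True
        src = self.derived.get(client)
        return src is not None and self.has_access(src)

    def task_death(self, client):
        # Task death notification: drop everything recorded for the dead task.
        self.refs.pop(client, None)
        self.derived.pop(client, None)

    def object_live(self):
        return any(n > 0 for n in self.refs.values())


def b_survives_death_of_a(via_server):
    """Return True if B can still use the object after A dies."""
    c = ReferenceMonitor()
    c.acquire("A")
    if via_server:
        c.map_to("A", "B")        # B gets its own reference from C
    else:
        c.client_grant("A", "B")  # B depends on A's reference
    c.task_death("A")
    return c.has_access("B") and c.object_live()
```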




