Rights Amplification

Bernhard Kauer kauer at os.inf.tu-dresden.de
Fri Jun 10 16:55:05 CEST 2005


Hi,

Some additional notes from me.

> Within this framework, the only directly supported operations on such
> capabilities are map, grant, unmap and IPC.  The map operation can be
> used to delegate the capability, grant can be used to move the
> capability and unmap to revoke it.  The IPC operation allows clients
> to send messages to an object, for example, to invoke operations on
> the object.

I think there is a difference here from our view of capabilities: the IPC
operation allows sending a message through an endpoint to a server. The
server could somehow identify the sender of a message.


Using this sender identification as the object reference on which the server
invokes an operation is possible only if a single object reference is
needed. As mentioned by Neal last week, this does not work for multiple
references.

By using the sender id as a reference for a user, this problem is gone.

To demonstrate the difference between these two attempts, look at a simple
fileserver. If only read/write operations are needed, the sender id could
be the file number. But with an operation which needs multiple files, like
copying between two files, the sender id should identify only the user,
but not the file anymore.

    Bernhard
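
The file-server comparison from the message above, as an added sketch that is not part of the original post or of any L4 code. The message layout, the function names and the per-user rights table are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed model, not the L4 API: each message reaches the server with one
 * sender id fixed by the kernel; every other field is chosen by the client. */
enum { OP_READ, OP_WRITE, OP_COPY };
enum { OK = 0, E_PERM = -1, E_ARGS = -2 };
enum { R = 1, W = 2, NFILES = 3, NUSERS = 2, FLEN = 16 };

static char files[NFILES][FLEN] = { "alpha", "beta", "gamma" };
/* Assumed per-user rights table, needed only when the sender id names a user. */
static const int rights[NUSERS][NFILES] = { { R | W, R, 0 }, { 0, R | W, R | W } };

struct msg { int op, a, b; const char *data; char *out; };

static void put(char *dst, const char *src)
{
    if (dst != src) snprintf(dst, FLEN, "%s", src);  /* bounded, always terminated */
}

/* Scheme A: the sender id is the file number. */
int serve_sender_is_file(int sender, const struct msg *m)
{
    if (sender < 0 || sender >= NFILES) return E_ARGS;
    if (m->op == OP_READ)  { put(m->out, files[sender]); return OK; }
    if (m->op == OP_WRITE) { put(files[sender], m->data); return OK; }
    /* OP_COPY needs two files, but only one reference came with the message;
     * a second file number in the payload would be unchecked, so refuse. */
    return E_ARGS;
}

static int allowed(int user, int file, int need)
{
    return file >= 0 && file < NFILES && (rights[user][file] & need) != 0;
}

/* Scheme B: the sender id is the user; files are named in the payload. */
int serve_sender_is_user(int sender, const struct msg *m)
{
    int dst = (m->op == OP_COPY) ? m->b : m->a;  /* file written, if any */
    if (sender < 0 || sender >= NUSERS) return E_ARGS;
    if (m->op < OP_READ || m->op > OP_COPY) return E_ARGS;
    if (m->op != OP_WRITE && !allowed(sender, m->a, R)) return E_PERM;
    if (m->op != OP_READ && !allowed(sender, dst, W)) return E_PERM;
    if (m->op == OP_READ)  put(m->out, files[m->a]);
    if (m->op == OP_WRITE) put(files[dst], m->data);
    if (m->op == OP_COPY)  put(files[dst], files[m->a]);
    return OK;
}
```

In scheme B the file numbers are plain client-chosen data, so the server has to check each one against what the identified user may do.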



