(Illustration by Gaich Muramatsu)
| > Also, the client does NOT now it's venus UID, even though it has a | > token, it can only see the cleartext part, but has no way of | > validating it. I found this out when working on the hoard stuff. | ??? When does this apply? vuid is used in permission checking. Is | this during disconnection? No, permissions are given to the local uid. The way this is done is a bit indirect, the server grants permissions to an authenticated connection, and the client associates the authenticated connection with a local uid, and the permissions end up for the local uid. When we consider something like PAG's, permissions would be associated with a local PAG (or <PAG, uid> tuple). The vuid is never used inside venus, and cannot be used, as only the server can verify the validity of the token. If tokens would have a digital signature, so that the client can validate it before accepting, it _might_ be possible to trust information stored in the token. For now any (arbitrary) blob of binary data can be given to a client as a token, and the server is the one that can use information stored in it. JanReceived on 1999-04-29 13:42:38