Coda File System

Re: group permission

From: <jaharkes_at_cs.cmu.edu>
Date: Thu, 29 Apr 1999 13:41:33 -0400
| > Also, the client does NOT know its venus UID, even though it has a
| > token, it can only see the cleartext part, but has no way of
| > validating it. I found this out when working on the hoard stuff.

| ??? When does this apply? vuid is used in permission checking.  Is
| this during disconnection? 

No, permissions are given to the local uid. The way this is done is a
bit indirect: the server grants permissions to an authenticated
connection, and the client associates the authenticated connection
with a local uid, and the permissions end up for the local uid. When we
consider something like PAGs, permissions would be associated with a
local PAG (or <PAG, uid> tuple).

The vuid is never used inside venus, and cannot be used, as only the
server can verify the validity of the token. If tokens had a
digital signature, so that the client could validate them before accepting,
it _might_ be possible to trust information stored in the token. For now
any (arbitrary) blob of binary data can be given to a client as a token,
and the server is the one that can use information stored in it.

Jan
Received on 1999-04-29 13:42:38
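
The indirection described in the message above, as an added example that is not part of the original post and is not Coda code. It is a simplified model: the token layout (a 4-byte cleartext vuid followed by an HMAC only the server can check), the class and method names, and the uid and rights values are all assumptions made for illustration.

```python
import hashlib, hmac, os, struct

class Server:
    """Only the server holds the key, so only it can validate a token."""
    def __init__(self, acl):
        self._key = os.urandom(32)       # never leaves the server
        self.acl = acl                   # vuid -> rights (constructed sample data)

    def _seal(self, clear):
        return hmac.new(self._key, clear, hashlib.sha256).digest()

    def issue_token(self, vuid):
        clear = struct.pack("!I", vuid)  # cleartext part: readable by anyone
        return clear + self._seal(clear)

    def connect(self, blob):
        """Return the rights granted to this connection, or None if the token is bad."""
        clear, seal = blob[:4], blob[4:]
        if len(clear) != 4 or not hmac.compare_digest(seal, self._seal(clear)):
            return None
        return self.acl.get(struct.unpack("!I", clear)[0], "")

class Client:
    """Stores tokens as opaque blobs and keys everything by local uid."""
    def __init__(self, server):
        self.server, self.tokens, self.conns = server, {}, {}

    def set_token(self, local_uid, blob):
        self.tokens[local_uid] = blob    # no key here, so no validation is possible
        self.conns.pop(local_uid, None)

    def claimed_vuid(self, local_uid):
        return struct.unpack("!I", self.tokens[local_uid][:4])[0]  # unverified hint only

    def rights(self, local_uid):
        if local_uid not in self.conns and local_uid in self.tokens:
            self.conns[local_uid] = self.server.connect(self.tokens[local_uid])
        return self.conns.get(local_uid) or ""

def demo():
    server = Server({1001: "rliw"})
    client = Client(server)
    client.set_token(500, server.issue_token(1001))             # genuine token
    client.set_token(501, struct.pack("!I", 1001) + bytes(32))  # arbitrary blob, same cleartext
    return client.rights(500), client.rights(501), client.claimed_vuid(501)

if __name__ == "__main__":
    print(demo())
```

Both local uids hold a blob whose cleartext part reads 1001, but only the one the server can validate yields an authenticated connection, which is why the model never bases a decision on `claimed_vuid`.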