I concur that this is a problem, and this worry is one of the things that keeps me from depending on Coda more than I do.

I think the issue can be solved by saying that expired tokens continue to work locally indefinitely (but that they can still be cleared with cunlog). This means that even after a brief reconnection they should work. Further, this needs to be stored in RVM so that a fresh start of venus while disconnected (e.g. after a reboot) still works. Yes, I usually suspend and don't have to do this, but sometimes one wants to or has to reboot.

To argue that this is reasonable: on a local filesystem, one can access one's files indefinitely. Over a network, while the user's access at a high level is valid until revoked, tokens are short-lived for the same sorts of reasons that Kerberos tickets are short-lived (don't store long-term user keys). On my laptop, I could certainly go look at files in the cache, so declining to let me look at them with venus is sort of silly.

The only argument I can think of against the expired-tokens-work-locally scheme is user separation on a multi-user possibly-disconnected client. But on such machines, one should cunlog at logout to remove rights, and perhaps flush all of one's data from the cache, depending on paranoia level.

-- Greg Troxel <gdt_at_ir.bbn.com>

Received on 2003-12-10 08:01:23