(Illustration by Gaich Muramatsu)
Hello Greg, thanks for your input!

> only argument I can think of against the expired-tokens-work-locally
> scheme is user separation on a multi-user possibly-disconnected
> client. But on such machines, one should cunlog at logout to remove
> rights, and perhaps flush all of one's data from the cache, depending
> on paranoia level.

I think Venus is caching the access rights per cached object/accessing uid and uses that info in disconnected mode. If it could distinguish between uids with "current" tokens, who may update that cache, and uids with "old" tokens, who are to use that cache, it would be relatively safe on multiuser systems, too.

I believe that right now Venus behaviour depends only on "realm state", i.e. connected vs disconnected, per realm, while it would have to maintain a corresponding state per uid, for old tokens to work as expected...

Don't know if it is at all possible semantically and feasible technically. Hope yes :)

Cheers,
--
Ivan

Received on 2003-12-10 10:03:44