
Re: ANN: ANTS v2.0



>Does that associate identity with the type of the capsule or with the
>instance of the capsule?  (I'm assuming that two different instances
>of PingCapsule could have different identities, so the above is a bit
>confusing.)

Type or instance?  I am confused.  But I can say that if two identities
try to run a Ping through the same node, two copies of the code run
in two different protection domains.  Yes, ugly.  And maybe someday
we can fix that using the SUN JAAS which associates privileges with
a thread of execution rather than the code.  But we haven't gotten that
far.

>If this support existed in the NodeOS, it should be pretty
>straightforward to add to ANTS, I hope (just adding an extra parameter
>to a lot of methods).  And, hopefully, it wouldn't require tossing out 
>the existing access checks (which are mostly ANTS-specific checks).

I thought the idea in the NodeOS community was that each NodeOS call
contains the flowid and if the create-a-flow call contained the credentials
then the flowid could be an indirect reference to the credentials.

And, let me again caution, that this is leaving it up to the EE to
correctly identify the flowid (and therefore the security domain) on
each call.  Putting the EE pretty soundly in the "trusted" category.

--Sandy
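
A minimal model of the flowid-as-credential-handle design and the trust caveat raised in the message above, added here as an illustration and not taken from the post, ANTS, or the NodeOS interface. All class, method, operation and principal names are hypothetical.

```python
# Added illustration; every name here is hypothetical, not NodeOS or ANTS API.
from typing import NamedTuple

class Credentials(NamedTuple):
    principal: str
    rights: frozenset  # operations this principal may perform

class NodeOS:
    """Binds credentials at flow creation; later calls carry only a flowid."""
    def __init__(self):
        self._flows = {}  # flowid -> Credentials

    def create_flow(self, creds):
        flowid = len(self._flows) + 1
        self._flows[flowid] = creds
        return flowid

    def call(self, flowid, operation):
        # The flowid is the only evidence of identity the NodeOS sees.
        creds = self._flows.get(flowid)
        if creds is None or operation not in creds.rights:
            raise PermissionError(f"flow {flowid}: {operation} denied")
        return f"{operation} as {creds.principal}"

class ExecutionEnvironment:
    """Chooses the flowid for each call, so it sits inside the trust boundary."""
    def __init__(self, nodeos):
        self.nodeos = nodeos
        self.flow_of = {}  # principal -> flowid

    def admit(self, creds):
        self.flow_of[creds.principal] = self.nodeos.create_flow(creds)

    def run_capsule(self, principal, operation):
        return self.nodeos.call(self.flow_of[principal], operation)

def demo():
    ee = ExecutionEnvironment(NodeOS())
    ee.admit(Credentials("alice", frozenset({"ping", "set_route"})))  # constructed
    ee.admit(Credentials("bob", frozenset({"ping"})))  # constructed
    results = [ee.run_capsule("alice", "set_route")]
    try:
        results.append(ee.run_capsule("bob", "set_route"))
    except PermissionError as err:
        results.append(str(err))
    # EE bookkeeping bug: bob's capsule is now tagged with alice's flowid.
    ee.flow_of["bob"] = ee.flow_of["alice"]
    results.append(ee.run_capsule("bob", "set_route"))  # NodeOS cannot tell
    return results
```

The third result shows the NodeOS check passing under the wrong principal: the access check is only as good as the EE's flowid bookkeeping.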




Flux Research Group / Department of Computer Science / University of Utah