[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ANN: ANTS v2.0

To: sandy@tislabs.com, tullmann@cs.utah.edu
Subject: Re: ANN: ANTS v2.0
From: Sandy Murphy <sandy@tislabs.com>
Date: Fri, 16 Feb 2001 09:53:11 -0500 (EST)
Cc: andrew@cs.washington.edu, janos-discuss@fast.cs.utah.edu
Sender: owner-janos-discuss@fast.cs.utah.edu

>Does that associate identity with the type of the capsule or with the
>instance of the capsule?  (I'm assuming that two different instances
>of PingCapsule could have different identities, so the above is a bit
>confusing.)

Type or instance?  I am confused.  But I can say that if two identities
try to run a Ping through the same node, two copies of the code run
in two different protection domains.  Yes, ugly.  And maybe someday
we can fix that using the SUN JAAS which associates privileges with
a thread of execution rather than the code.  But we haven't gotten that
far.

>If this support existed in the NodeOS, it should be pretty
>straightforward to add to ANTS, I hope (just adding an extra parameter
>to a lot of methods).  And, hopefully, it wouldn't require tossing out 
>the existing access checks (which are mostly ANTS-specific checks).

I thought the idea in the NodeOS community was that each NodeOS call
contains the flowid and if the create-a-flow call contained the credentials
then the flowid could be a indirect reference to the credentials.

And, let me again caution, that this is leaving it up to the EE to
correctly identify the flowid (and therefore the security domain) on
each call.  Putting the EE pretty soundly in the "trusted" category.

--Sandy

Follow-Ups:
- Re: ANN: ANTS v2.0
  - From: Patrick Tullmann <tullmann@cs.utah.edu>

Prev by Date: Re: ANN: ANTS v2.0
Next by Date: Re: ANN: ANTS v2.0
Prev by thread: Re: ANN: ANTS v2.0
Next by thread: Re: ANN: ANTS v2.0

[ Janos ] [ OSKit ] [ Network Testbed ] [ Flick ] [ Fluke ]
Flux Research Group / Department of Computer Science / University of Utah