Next: Browser Display Daemon
Up: Modular Approach
Previous: Modular Approach
Every object that is down-loaded by our browser log-in daemon
is assigned a sub-user id, which is bound to some permissions,
and is then stored in the file system.
Assignment of sub-user id's is similar to the log in mechanism of UNIX.
Objects that carry certificates are given more permissions than
unauthenticated objects. For example an authenticated object might get access
to /home/user_foobar, network access and unlimited resources,
whereas an unauthenticated objects might
only get access to /tmp with no access to the network and limited
CPU time and memory allocation.
In the current implementation we use the URL address is used to select
the sub-user id that will be assigned to the down-loaded object.
This approach of course is not really secure, ideally we should use some
sort of cryptographic token (e.g. a certificate) that is carried along
with the down-loaded object.