Key/Object equivalence?
Bryan Ford
baford@schirf.cs.utah.edu
Fri, 16 Dec 94 09:59:39 MST
A question to the KeyKOS people: How is key and/or object
equivalence handled in KeyKOS? Does KeyKOS provide a
way to compare two keys to see if they're identical?
If so, how is it used in practice? If not, are there
situations you can think of in which such functionality
would have been handy if it was available?
Is there a way to compare a key against a whole bunch of
other keys quickly, e.g. by taking some kind of hash function
of the bits that make up the key in the kernel? Do key banks
have any kind of "key search" feature, that allows you to
determine if a key already exists in a key bank? If so,
how is it used in practice?
Given that, is there any kind of higher-level notion of
"object equivalence" commonly used throughout a KeyKOS system?
For example, two keys may refer to the same "object" but
have different permissions and are therefore not "identical
keys" as far as the kernel is concerned. How is this
concept supported by KeyKOS servers, when it is needed?
Thanks!
Bryan