l4-hurd

Re: auth handshake and rendevouz objects


From: Niels Möller
Subject: Re: auth handshake and rendevouz objects
Date: 05 Nov 2002 08:25:25 +0100
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2

Marcus Brinkmann <address@hidden> writes:

> Server S provides object, client A wants to copy or move a handle to this
> object to client B.
> 
> For this, A sends a message to S that says "insert a handle (send right) for 
> B".
> The server makes a note of that, but it doesn't actually create a real
> reference.  Then A sends a message to B that says "I just gave you the
> handle for the object".  Then B sends a message to the server S that says:
> "I accept reception of the handle from A" [1].
> 
> Now, in the case of moving a handle from A to B, A can safely remove its
> reference.  However, it must be careful not to do this too early on, before
> B has acknowledged receiving the handle from A to the server S.  Because
> otherwise there is a race that could lead to the object being destroyed
> before B acknowledges its reception.

The entity that keeps track of the number of references is S, right?
Perhaps one could give S the responsibility for doing the right thing
with references and decisions on killing the underlying object.

S could keep track of all unacknowledged handles, under the rule that
an unacknowledged handle should prevent the object from dying, so that
objects with unacknowledged handles are not destroyed. There should be
some timeout, after which the server will abort unacknowledged
transfers.

I guess there *has* to be some timeout anyway, so that the "notes" or
"unacknowledged references" that S keeps track of will expire if they
aren't acknowledged in a timely manner. Who should determine this
timeout, A or S?

You may still want an acknowledgement so that A can know if the
transfer was successful. This can be sent by either B or S, it depends
on who you think is most qualified to know about success. B seems
more natural to me, but I'm not sure how much it matters. But this is
a success/failure indication for A, independent from reference
counting and object destruction.

/Niels
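
A minimal model of the server-side bookkeeping discussed in this message, added here as an illustration and not code from the thread or from the Hurd: S counts an unacknowledged handle as keeping the object alive, and aborts the transfer after a timeout. The class and method names, the single-object scope, the explicit `now` clock and the choice that S sets the timeout are all assumptions.

```python
class Server:
    """Toy model of S's accounting for one object (names are hypothetical)."""

    def __init__(self, owner, timeout):
        self.timeout = timeout
        self.refs = {owner}      # clients holding a real handle
        self.pending = {}        # (sender, receiver) -> deadline of the "note"
        self.destroyed = False

    def _tick(self, now):
        # Abort transfers whose acknowledgement did not arrive in time.
        for key, deadline in list(self.pending.items()):
            if now >= deadline:
                del self.pending[key]
        # An unacknowledged handle keeps the object alive just like a real one.
        if not self.refs and not self.pending:
            self.destroyed = True

    def offer(self, sender, receiver, now):
        """A -> S: 'insert a handle for B'. Recorded as a note only."""
        self._tick(now)
        if self.destroyed or sender not in self.refs:
            return False
        self.pending[(sender, receiver)] = now + self.timeout
        return True

    def accept(self, receiver, sender, now):
        """B -> S: 'I accept reception of the handle from A'."""
        self._tick(now)
        if self.pending.pop((sender, receiver), None) is None:
            return False         # no such note, or it timed out
        self.refs.add(receiver)
        return True

    def release(self, client, now):
        self.refs.discard(client)
        self._tick(now)


def move_handle(release_early, accept_at, timeout=5.0):
    """Move A's handle to B; returns (B accepted, object destroyed)."""
    s = Server("A", timeout)
    s.offer("A", "B", now=0.0)
    if release_early:
        s.release("A", now=1.0)  # A drops its reference before B acknowledged
    ok = s.accept("B", "A", now=accept_at)
    if ok and not release_early:
        s.release("A", now=accept_at)  # A releases only after success
    return ok, s.destroyed
```

With this accounting an early release by A is harmless as long as B accepts before the deadline; if B is late, the transfer is aborted and the object dies only when no real or pending handle remains.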




