> Typically, we don't do access control at the vat level, but at theNaturally. One of the peculiar aspects of widget architecture is that
> reference level. Typically, the vat identifier is just a
> self-authenticating identifier, like a fingerprint of the Vat's public
> key. Since the communication channels in this case are local, we don't
> need crypto to secure them, so really, any old string is perfectly
> fine as a vat identifier. This is fortunate, since the Gears API
> doesn't seem to give us any control over the worker ID.
you have multiple vats that represent a common interest, but which
initially have no knowledge of each other, which want to communicate,
but cannot rely on the page to do the introduction.
They could manage the introduction through their common server, but
that will add a couple of roundtrips to the startup time, something
we'd like to avoid.
An alternative would be if the vat manager could facilitate such
introductions. For example, it could accept requests of the form:
Please introduce me to all of the services that were vended from the
same domain as myself.