From mboxrd@z Thu Jan  1 00:00:00 1970
From: Harry Butterworth <harry@hebutterworth.freeserve.co.uk>
Subject: Re: Re: Interdomain comms
Date: Tue, 10 May 2005 17:42:25 +0100
Message-ID: <1115743345.32540.160.camel@localhost>
References: <0BAE938A1E68534E928747B9B46A759A6CF3AC@EXCNYSM0A1AH.nysemail.nyenet>
	<1115486227.4082.70.camel@localhost>
	<a4e6962a050507142932654a5e@mail.gmail.com>
	<1115503861.4460.2.camel@localhost>
	<a4e6962a050507175754700dc8@mail.gmail.com>
	<eacc82a4050508011979bda457@mail.gmail.com> <42807150.3030907@hp.com>
	<eacc82a405051003094d84c011@mail.gmail.com>
	<1115736719.11547.132.camel@localhost>
	<eacc82a405051008243195164c@mail.gmail.com>
	<eacc82a405051008261f21147@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <eacc82a405051008261f21147@mail.gmail.com>
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: andrew.warfield@cl.cam.ac.uk
Cc: Eric Van Hensbergen <ericvh@gmail.com>, Mike Wray <mike.wray@hp.com>, xen-devel@lists.xensource.com, "Ronald G. Minnich" <rminnich@lanl.gov>, Eric Van Hensbergen <ericvh@users.sourceforge.net>
List-Id: xen-devel@lists.xenproject.org

On Tue, 2005-05-10 at 16:26 +0100, Andrew Warfield wrote:

> I think we are all keen to move in the direction of having no xend but
> rather a small set of single purpose daemons that handle specific
> tasks and map well on to the emerging security primitives.

Yep.

> Connection setup this way does map on to the connect/listen semantics
> that Mike has been advocating.  For example, on a request to add a new
> frontend, the backend driver will create a simple state machine for
> the new device channel and assign an unbound event channel to it.  It
> will then move out of this (unbound) "listening" state when the front
> end connects to the event channel and sends the first notification.

The above description happens to fit inside my endpoint_create call too.

I think the significant constraints in this area are that the choice of
connect/listen semantics must be compatible with the introduction
mechanism and the security requirements.

With my API I assumed a symmetrical connection process where both ends
created an endpoint for the same address and the IDC implementation did
the work of binding them together.  I didn't give any thought to the
implications for the introduction mechanism or the security requirements
or consider any other options so I'm not particularly attached to this
aspect of my proposal.  I was primarily trying to communicate the buffer
abstractions.