Browser Log-in Daemon

  Every object that is down-loaded by our browser log-in daemon is assigned a sub-user id, which is bound to some permissions, and is then stored in the file system. Assignment of sub-user id's is similar to the log in mechanism of UNIX. Objects that carry certificates are given more permissions than unauthenticated objects. For example an authenticated object might get access to /home/user_foobar, network access and unlimited resources, whereas an unauthenticated objects might only get access to /tmp with no access to the network and limited CPU time and memory allocation.

In the current implementation we use the URL address is used to select the sub-user id that will be assigned to the down-loaded object. This approach of course is not really secure, ideally we should use some sort of cryptographic token (e.g. a certificate) that is carried along with the down-loaded object.