Implement contextual identity? #11777
Comments
The difficulty with the "one channel per context" scheme that #11544 is implementing is that we can't select over a dynamic set of channels.

Isn't the idea that each producer/consumer only uses one of the channels? (e.g. a Work pipeline only uses the Work channel, which talks to the Work cookie store.)

Sure; that system works as long as there is a static set of contexts defined, rather than a dynamic set.

Hmm, isn't the point of the capability-based version of private browsing that a script thread at security level L only needs access to one channel, whose other end is the resource thread at security level L? There shouldn't be any threads which need both the high-security and low-security channels. Presumably, I am missing something!

@asajeffrey In the current model, context is determined by channel and there's a single thread that selects over the different channels and responds appropriately. An alternate model is that we have a separate thread per context (which would enable dynamic numbers of different contexts), but that seems like an inefficient use of resources to me.

@jdm: we would be using one thread per context, but I think this is a reasonable penalty since a) there's not very many of them (I think the default is something like 6) and b) it's going to be a lot easier to security audit. For example, we could make the private browsing cookie jar in-memory, and then audit the code for "doesn't touch the file system".

I thought you could select over a dynamic set of channels. You have to rebuild the select structure if you want to change it, and the underlying API isn't safe, but it can be done.

Firefox is getting contextual identity: https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers Implementing something like this in Servo should be straightforward, once we've got private browsing in place.
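
The thread-per-context model discussed in the comments above, sketched as an added example that is not part of the original thread or of Servo's code. It assumes `std::sync::mpsc` channels in place of Servo's own channel types, and the names `CookieMsg`, `CookieHandle` and `spawn_context` are hypothetical.

```rust
use std::collections::HashMap;
use std::sync::mpsc::{channel, Sender};
use std::thread;

// Hypothetical message type; Servo's real resource-thread messages differ.
enum CookieMsg {
    Set(String, String),
    Get(String, Sender<Option<String>>),
}

/// The only capability a script thread holds: a sender to one context's jar.
/// Holding a handle for context A gives no way to reach context B.
#[derive(Clone)]
pub struct CookieHandle(Sender<CookieMsg>);

impl CookieHandle {
    pub fn set(&self, name: &str, value: &str) {
        self.0.send(CookieMsg::Set(name.into(), value.into())).unwrap();
    }
    pub fn get(&self, name: &str) -> Option<String> {
        let (tx, rx) = channel();
        self.0.send(CookieMsg::Get(name.into(), tx)).unwrap();
        rx.recv().unwrap()
    }
}

/// Spawn one cookie-jar thread for a new context. Contexts can be created at
/// run time, and no thread ever selects over more than one channel.
pub fn spawn_context() -> CookieHandle {
    let (tx, rx) = channel();
    thread::spawn(move || {
        // In-memory only: nothing in this thread touches the file system,
        // which is the property the audit would check.
        let mut jar: HashMap<String, String> = HashMap::new();
        for msg in rx {
            match msg {
                CookieMsg::Set(k, v) => { jar.insert(k, v); }
                CookieMsg::Get(k, reply) => { let _ = reply.send(jar.get(&k).cloned()); }
            }
        }
    });
    CookieHandle(tx)
}

fn main() {
    let (work, personal) = (spawn_context(), spawn_context());
    work.set("session", "work-token"); // constructed sample value
    println!("work: {:?}, personal: {:?}", work.get("session"), personal.get("session"));
}
```

Each jar thread exits when the last clone of its `CookieHandle` is dropped, so discarding a context also discards its cookies.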