(no title)

http://wiki.erights.org/wiki/Walnut/Secure_Distributed_Compu...

http://www.skyhunter.com/marcs/ewalnut.html#proofOfPurchase

If the opaque handle is part of the Membrane pattern, you can even avoid most race conditions, because even during the indexing, the capabilities can be used to access documents and that removes the possibility of a TOCTOU race.

http://wiki.erights.org/wiki/Walnut/Secure_Distributed_Compu...