Reply To: Security

Allowing that the OS can give threads with a shared security domain common local memory in the service turf, putting service state in thread local memory should work beautifully. A handle may be a pointer, and any thread that can access the appropriate memory space in the service turf can then use the handle. Nice and fast.

And since attempted read to forbidden memory produces metadata state, the service can check if the handle is valid for very low cost.