The guid accessor generates a pseudo-unique guid. The result is a document with a root element <guid> containing the identifier. Here is an example:

<guid>799E740CDD625D1E178328737EDFD493</guid>

Note: The guid accessor generates the guid based upon a set of pseudo-random inputs, including an optional seed operand document. It has not been certified to generate a guaranteed globally unique ID. However for applications that require convenient session tokens and which provide unique seed documents the generated guids will be locally unique.

If your application requires truely globally unique ID's we recommend you customize the guid accessor.

Security

The guid accessor like all security technologies should be treated with care. If the following precautions are observed the guid accessor provides a convenient trustworthy security tool.

Concurrency

The dexter kernel allows concurrent execution of xml applications. In this first version of the kernel there is no application isolation. Therefore the potential exists for a malicious xml application to attempt to view the variables and data of another application.

It is perfectly possible to create xml security applications on the dexter kernel, just ensure that they are executed in isolation in a known clean instance of the kernel runtime. Any application that is performing security critical operations should be deployed in a clean application space (the xapp/ directory) which only contains trusted xml applications. The kernel should also be configured to limit concurrency with appropriate configuration of transports and system.xml properties.

The default demonstraion xapp/ xml application space is not trustworthy for a secure application. Create a clean space of your own and configure the kernel to use your application space by setting <xappPath> in the system.xml configuration document.

Future versions of the dexter kernel will support full access control and provide complete application isolation.

---

(C) 2003, 1060 Research Limited