= Xorg Developer's Conference - Security Talk =

Rough outline of talk/discussion follows:

== Security Advisories/Response ==
 * Not covered

== X Authentication/Transport ==
 * Loadable module support for authentication methods.  Could be done: provide registration function, call callback list passing connection setup information plus file descriptor; callback performs authentication entirely before returning decision to server.
 * Xtrans improvements.  XCB doesn't use it.  Could make it an actual library.  Is a filehandle a sufficient abstraction?
 * XC-QUERY-SECURITY rework.

== Fine-Grained Access Control ==
 * Have a research paper; will post link.
 * Improved resource lookup functions: still thinking about the prototype for dixLookupResource.  Not sure if the Dix``Read``Access/Dix``Write``Access flags are useful or necessary.
 * Use the resource system to store your module's objects.
 * Don't multiplex different operations through the same protocol request.

== Other Security Work of Note ==
 * Security error handling.  Right now, the Security extension "hides" denials from the user by returning false information.  I would like to see the server begin returning actual errors, preferably Bad``Access.
 * devPrivates rework.  Currently have separate functions for each supported structure.  Could standardize this into one set of functions.
 * Need to add devPrivates to additional structures: Property``Rec.
 * Window labeling: currently exporting properties to window manager.  Feature request: need secure area for showing labels.
 * Secure handling of input events.  Secure attention key support.

== Applications ==
 * Shared Display Wall