A Solution

Identity tokens
Processes can have one, several or none
Can be obtained at any time
Can be destroyed
Can be given to others

Hurd implementation
Auth
Creates tokens
Trusted mediator between clients
Verifies tokens
Lives on `/servers/auth'
Password server
Hands out identity tokens after authentication
Lives on `/servers/password'